[Git][security-tracker-team/security-tracker][master] 2 commits: Add extra note for CVE-2019-20892

Salvatore Bonaccorso carnil at debian.org
Mon Jul 6 17:02:07 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bfd99bdd by Salvatore Bonaccorso at 2020-07-06T17:57:12+02:00
Add extra note for CVE-2019-20892

- - - - -
7ac78dd9 by Salvatore Bonaccorso at 2020-07-06T17:58:19+02:00
Add TODO item for CVE-2019-20892

It has been claimed that the issue does not affect 5.7.3, but this
should be proven first. While it is correct that the poc does not
trigger the issue, we need to find where the issue has been introduced.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1378,6 +1378,9 @@ CVE-2019-20892 (net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStat
 	NOTE: https://github.com/net-snmp/net-snmp/commit/39381c4d20dd8042870c28ae3b0c16291e50b705
 	NOTE: https://github.com/net-snmp/net-snmp/commit/5f881d3bf24599b90d67a45cae7a3eb099cd71c9
 	NOTE: https://github.com/net-snmp/net-snmp/commit/87bd90d04f20dd3f73e3e7e631a442ccd419b9d3
+	NOTE: Extra patches to address memory leaks:
+	NOTE: https://salsa.debian.org/debian/net-snmp/-/merge_requests/3
+	TODO: It is claimed that the issue does not affect older versions than 5.8, but no source evidence has been yet shown
 CVE-2019-20891 (WooCommerce before 3.6.5, when it handles CSV imports of products, has ...)
 	NOT-FOR-US: WooCommerce
 CVE-2020-14929 (Alpine before 2.23 silently proceeds to use an insecure connection aft ...)
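Review bot: the added TODO line scopes the open question as "older versions than 5.8", but the commit message for 7ac78dd9 names 5.7.3 and says the remaining work is to find where the issue was introduced. The TODO should say the same thing: name the version the claim was actually made about and state that the introducing commit still has to be identified, so the entry can be closed on concrete evidence rather than on the PoC not triggering. Wording nit on the same line: "has been yet shown" should read "has yet been shown". On the two added NOTE lines, it would help to record whether the patches in merge request 3 are required for the CVE fix to be complete or are only follow-up leak fixes, since "Extra patches" leaves that open.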



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ab98a41bad65b3d85d27f91a2ee213a079fc7e2d...7ac78dd934bea5f6ea8bc4a817873672c97e03db


