[Git][security-tracker-team/security-tracker][master] 2 commits: Add Debian bug reference for CVE-2019-20892

Salvatore Bonaccorso carnil at debian.org
Thu Jun 25 21:39:49 BST 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bbcb2b7c by Salvatore Bonaccorso at 2020-06-25T22:34:06+02:00
Add Debian bug reference for CVE-2019-20892

- - - - -
f8ef6dd9 by Salvatore Bonaccorso at 2020-06-25T22:38:08+02:00
Remove note on introducing commit for CVE-2019-20892

This is not correct, if, then the commit is an attempt to fix the
double-free, but the current issue needs first to be proberly
investigated. When applying adc9b71aba9168ec64149345ea37a1acc11875c6,
then later on upstreeam did need to do some further commits to properly
handle the situation. See
<https://bugs.launchpad.net/ubuntu/+source/net-snmp/+bug/1877027/comments/6>

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -779,8 +779,7 @@ CVE-2020-14931 (A stack-based buffer overflow in DMitry (Deepmagic Information G
 CVE-2020-14930 (An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. A ...)
 	NOT-FOR-US: BT CTROMS Terminal OS Port Portal CT-464
 CVE-2019-20892 (net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateRefer ...)
-	- net-snmp <unfixed>
-	NOTE: Introduced by: https://github.com/net-snmp/net-snmp/commit/adc9b71aba9168ec64149345ea37a1acc11875c6
+	- net-snmp <unfixed> (bug #963713)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/06/25/4
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/net-snmp/+bug/1877027
 	TODO: check details, unclear yet affected range



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/aa7654c73429d0bd10c431cd9b536998978a3144...f8ef6dd9c876e41d25141af996a421b5ec72d622

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/aa7654c73429d0bd10c431cd9b536998978a3144...f8ef6dd9c876e41d25141af996a421b5ec72d622
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200625/7eb53f28/attachment.html>

More information about the debian-security-tracker-commits mailing list