[Git][security-tracker-team/security-tracker][master] 2 commits: Track fixed versions for CVE-2020-10188
Salvatore Bonaccorso
carnil at debian.org
Tue Mar 31 22:06:05 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
249c1de1 by Salvatore Bonaccorso at 2020-03-31T23:01:50+02:00
Track fixed versions for CVE-2020-10188
snapshot.d.o does not provide all versions, but those are the earliest
available which contain the respective rewrites of the nextitem function
and related changes.
It would have been nice to try to track this down to a specific change
in netkit-telnet/0.17-14 which indicates an appropriate fix present
before the 0.17-18woody2 version.
- - - - -
cffb700a by Salvatore Bonaccorso at 2020-03-31T23:05:36+02:00
Remove netkit-telnet and netkit-telnet-ssl from dsa-needed list
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -2931,8 +2931,8 @@ CVE-2020-10190 (An issue was discovered in MunkiReport before 5.3.0. An authenti
CVE-2020-10189 (Zoho ManageEngine Desktop Central before 10.0.474 allows remote code e ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2020-10188 (utility.c in telnetd in netkit telnet through 0.17 allows remote attac ...)
- - netkit-telnet <unfixed> (bug #953477)
- - netkit-telnet-ssl <unfixed> (bug #953478)
+ - netkit-telnet 0.17-18woody2 (bug #953477)
+ - netkit-telnet-ssl 0.17.17+0.1-2woody3 (bug #953478)
NOTE: https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.html
NOTE: https://github.com/marado/netkit-telnet-ssl/issues/5
CVE-2019-20503 (usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_address ...)
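Review bot: the two added lines under CVE-2020-10188 record 0.17-18woody2 and 0.17.17+0.1-2woody3 as exact fixed versions, but per the commit message these are only the earliest versions available on snapshot.d.o that contain the nextitem rewrite, so the real fix may predate them. Consider adding a NOTE line to the entry that says so (the message itself mentions netkit-telnet/0.17-14 as a candidate), so the uncertainty sits next to the data and not only in the commit log. The same NOTE would explain why the entry is marked fixed in an old Debian revision while the CVE description still reads "through 0.17".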
=====================================
data/dsa-needed.txt
=====================================
@@ -23,10 +23,6 @@ mediawiki (jmm)
--
mercurial/oldstable
--
-netkit-telnet
---
-netkit-telnet-ssl
---
nodejs
--
nss/oldstable (jmm)
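Review bot: the removal of the netkit-telnet and netkit-telnet-ssl entries gives no reason; the commit message for cffb700a only restates what is removed. Suggest one line in the message tying it to 249c1de1, if that is the reason: the entries are dropped because CVE-2020-10188 is now tracked as fixed in 0.17-18woody2 and 0.17.17+0.1-2woody3. Anyone auditing dsa-needed.txt history can then see why no DSA followed without having to cross-read data/CVE/list.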
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/07494345ffa78ffb60a641c5c35ee29ed6f8564a...cffb700ae1b9c498bfaaad461d938cdf888e12e2