[Git][security-tracker-team/security-tracker][master] Add CVE-2021-20201/spice

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bac8eeb0 by Salvatore Bonaccorso at 2021-02-17T08:34:27+01:00
Add CVE-2021-20201/spice

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17140,8 +17140,14 @@ CVE-2021-20203 [Failed malloc in vmxnet3_activate_device() in hw/net/vmxnet3.c]
 	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg07935.html
 CVE-2021-20202
 	RESERVED
-CVE-2021-20201
+CVE-2021-20201 [Client initiated renegotiation denial of service]
 	RESERVED
+	- spice <unfixed>
+	NOTE: https://gitlab.freedesktop.org/spice/spice/-/issues/49
+	NOTE: https://gitlab.freedesktop.org/spice/spice/-/commit/95a0cfac8a1c8eff50f05e65df945da3bb501fc9
+	NOTE: https://gitlab.freedesktop.org/spice/spice/-/commit/ca5bbc5692e052159bce1a75f55dc60b36078749
+	NOTE: https://blog.qualys.com/product-tech/2011/10/31/tls-renegotiation-and-denial-of-service-attacks
+	TODO: check details
 CVE-2021-20200
 	RESERVED
 	NOTE: Red Hat duplicate assignment for CVE-2020-29369, should be rejected, contacted CNA



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bac8eeb0394d4cfd971e44866ce552dbb5893037

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bac8eeb0394d4cfd971e44866ce552dbb5893037
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210217/07ee5c2d/attachment.html>