[Git][security-tracker-team/security-tracker][master] ndpi is actually not-affected in stretch LTS

[Chris Lamb (@lamby)]

Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a6796123 by Chris Lamb at 2021-07-05T12:13:45+01:00
ndpi is actually not-affected in stretch LTS

(I was inside a sid chroot, not my stretch one.)

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -185,6 +185,7 @@ CVE-2021-36083 (KDE KImageFormats 5.70.0 through 5.81.0 has a stack-based buffer
 	NOTE: https://invent.kde.org/frameworks/kimageformats/commit/297ed9a2fe339bfe36916b9fce628c3242e5be0f
 CVE-2021-36082 (ntop nDPI 3.4 has a stack-based buffer overflow in processClientServer ...)
 	- ndpi <unfixed> (bug #990528)
+	[stretch] - ndpi <not-affected> (Vulnerable code added later)
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30393
 	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ndpi/OSV-2021-304.yaml
 	NOTE: https://github.com/ntop/nDPI/commit/1ec621c85b9411cc611652fd57a892cfef478af3


=====================================
data/dla-needed.txt
=====================================
@@ -75,8 +75,6 @@ linux (Ben Hutchings)
 --
 linux-4.19 (Ben Hutchings)
 --
-ndpi (Chris Lamb)
---
 nettle (Emilio)
   NOTE: 20210628: difficult backport, wip (Emilio)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a679612321f6efc011e300f923f334b3cda0fdf1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a679612321f6efc011e300f923f334b3cda0fdf1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210705/2e62dbd5/attachment.htm>