[Git][security-tracker-team/security-tracker][master] Add notes on CVE-2020-27304/civetweb

[Neil Williams (@codehelp)]

Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
83ee3132 by Neil Williams at 2021-11-01T12:05:30+00:00
Add notes on CVE-2020-27304/civetweb

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -71103,7 +71103,11 @@ CVE-2020-27306
 CVE-2020-27305
 	RESERVED
 CVE-2020-27304 (The CivetWeb web library does not validate uploaded filepaths when run ...)
-	TODO: check
+	- civetweb 1.15+dfsg-1
+	NOTE: vulnerable code is an example, not packaged by Debian but present in source package
+	NOTE: https://groups.google.com/g/civetweb/c/yPBxNXdGgJQ
+	NOTE: https://github.com/civetweb/civetweb/commit/b2ed60c589172b37f3d705c69d84313eeb8348b1
+	NOTE: https://github.com/civetweb/civetweb/commit/e489ff4f05647126ffa62d3a54f50bf7b7380776#diff-da20af5c7c76edbce3228777f142173af544c0202af876e8d5618f839f9ab2ac
 CVE-2020-27303
 	RESERVED
 CVE-2020-27302 (A stack buffer overflow in Realtek RTL8710 (and other Ameba-based devi ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83ee31326ef9a9df2fce4512b204e910f2069ee5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83ee31326ef9a9df2fce4512b204e910f2069ee5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211101/774112f9/attachment.htm>