[Git][security-tracker-team/security-tracker][master] Add note for CVE-2019-0053/inetutils

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Sep 5 07:42:09 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9d523229 by Salvatore Bonaccorso at 2021-09-05T08:40:22+02:00
Add note for CVE-2019-0053/inetutils

There was a followup fix for inetutils not directly covered by the CVE
which fixed a following infinite loop causing stack exhaustion, as
noted by Adrian Bunk.

Link: https://bugs.debian.org/945861#30

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -191593,6 +191593,9 @@ CVE-2019-0053 (Insufficient validation of environment variables in the telnet cl
 	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-19:12.telnet.asc
 	NOTE: https://raw.githubusercontent.com/hackerhouse-opensource/exploits/master/inetutils-telnet.txt
 	NOTE: https://www.openwall.com/lists/oss-security/2018/12/14/8
+	NOTE: Additional patch to fix infinite loop causing stack exhaustion (but not
+	NOTE: directly covered by this CVE applied in inetutils/2:2.2-2):
+	NOTE: https://git.hadrons.org/cgit/debian/pkgs/inetutils.git/diff/?id=0d246b17e51060daac8a26848a8d9e5722fcca24
 CVE-2019-0052 (The srxpfe process may crash on SRX Series services gateways when the  ...)
 	NOT-FOR-US: Juniper
 CVE-2019-0051 (SSL-Proxy feature on SRX devices fails to handle a hardware resource l ...)
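
Review bot: In the two added NOTE lines the parenthesis opened before "but not" only closes after the version string, so the note reads as if the CVE, rather than the patch, was "applied in inetutils/2:2.2-2". Suggest closing it after "this CVE", for example "Additional patch to fix infinite loop causing stack exhaustion (but not directly covered by this CVE), applied in inetutils/2:2.2-2:". Since the note itself says the fix is not covered by CVE-2019-0053, it would also help to say in the note where the issue was reported; the commit message already points to https://bugs.debian.org/945861#30, but that link does not appear in data/CVE/list.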



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d523229c2cca932e15170de5d628ca3314f965b
