[Git][security-tracker-team/security-tracker][master] 2 commits: LTS: ignore CVE-2020-15473

Anton Gladky (@gladk) gladk at debian.org
Sat Aug 27 20:21:18 BST 2022



Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker


Commits:
db83ae38 by Anton Gladky at 2022-08-27T21:20:32+02:00
LTS: ignore CVE-2020-15473

- - - - -
b18d1f41 by Anton Gladky at 2022-08-27T21:20:38+02:00
LTS: mark CVE-2020-15475 as not-affected for buster

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -160133,6 +160133,7 @@ CVE-2020-15476 (In nDPI through 3.2, the Oracle protocol dissector has a heap-ba
 CVE-2020-15475 (In nDPI through 3.2, ndpi_reset_packet_line_info in lib/ndpi_main.c om ...)
 	- ndpi 3.4-1 (bug #972050)
 	[stretch] - ndpi <not-affected> (Vulnerable code not present, content_disposition_line introduced later)
+	[buster] - ndpi <not-affected> (Vulnerable code not present, content_disposition_line introduced later)
 	NOTE: https://github.com/ntop/nDPI/commit/6a9f5e4f7c3fd5ddab3e6727b071904d76773952 (3.4)
 CVE-2020-15474 (In nDPI through 3.2, there is a stack overflow in extractRDNSequence i ...)
 	- ndpi 3.4-1 (bug #972050)
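Review bot: the added [buster] line for CVE-2020-15475 repeats the stretch justification word for word and gives no way to recheck it against the buster source. Consider adding a NOTE that names the upstream commit or release in which content_disposition_line was introduced, so the not-affected status can be verified later against the version shipped in buster.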
@@ -160142,6 +160143,7 @@ CVE-2020-15474 (In nDPI through 3.2, there is a stack overflow in extractRDNSequ
 CVE-2020-15473 (In nDPI through 3.2, the OpenVPN dissector is vulnerable to a heap-bas ...)
 	- ndpi 3.4-1 (bug #972050)
 	[stretch] - ndpi <not-affected> (Vulnerable code introduced later)
+	[buster] - ndpi <ignored> (Patch cannot be cleanly applied. Codebase changed a lot.)
 	NOTE: https://github.com/ntop/nDPI/commit/8e7b1ea7a136cc4e4aa9880072ec2d69900a825e (3.4)
 CVE-2020-15472 (In nDPI through 3.2, the H.323 dissector is vulnerable to a heap-based ...)
 	- ndpi 3.4-1 (bug #972050)
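Review bot: the reason on the added [buster] line for CVE-2020-15473 explains why no backport was made, but not whether buster contains the vulnerable OpenVPN dissector code. The stretch line above it says the code was introduced later, so the entry should say explicitly that buster is affected and why leaving it unfixed is acceptable, rather than only "Patch cannot be cleanly applied. Codebase changed a lot."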



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/47976b80a09c5e377f688b5b211c1c8a95b86d3a...b18d1f41e7b215ed96de704374bda7abb11f6270
