[Git][security-tracker-team/security-tracker][master] Update information for CVE-2013-1841/libnet-server-perl
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Dec 3 15:28:41 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
30f36a86 by Salvatore Bonaccorso at 2022-12-03T16:23:08+01:00
Update information for CVE-2013-1841/libnet-server-perl
Consider it as fixed with the upstream version adding code and
configuration for double_reverse_lookups. Upstream does not enable the
checks by default but they need to be set by consumers through
'reverse_lookups=double' or 'double_reverse_lookups=1'.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -484869,7 +484869,7 @@ CVE-2013-1842 (SQL injection vulnerability in the Extbase Framework in TYPO3 4.5
{DSA-2646-1}
- typo3-src 4.5.19+dfsg1-5 (bug #702574)
CVE-2013-1841 (Net-Server, when the reverse-lookups option is enabled, does not check ...)
- - libnet-server-perl <unfixed> (low; bug #702914)
+ - libnet-server-perl 2.013-1 (low; bug #702914)
[bullseye] - libnet-server-perl <ignored> (Minor issue)
[buster] - libnet-server-perl <ignored> (Minor issue)
[stretch] - libnet-server-perl <ignored> (Minor issue)
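Review bot: the added line for CVE-2013-1841 records 2.013-1 as the fixed version, while the NOTE lines added in the same commit name 2.011 as the upstream release that carries the fix, and nothing in the visible lines explains the difference. Consider a short NOTE saying why 2.013-1 is the version recorded here, so that a reader does not take it for the upstream fix version.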
@@ -484877,6 +484877,9 @@ CVE-2013-1841 (Net-Server, when the reverse-lookups option is enabled, does not
[wheezy] - libnet-server-perl <ignored> (Minor issue)
[squeeze] - libnet-server-perl <no-dsa> (Minor issue)
NOTE: https://rt.cpan.org/Ticket/Display.html?id=83909
+ NOTE: 2.011 upstream adds 'double_reverse_lookups' configuration and code as fix
+ NOTE: for the issue, but does not enable the checks by default. They need to be
+ NOTE: enabled by consumers by setting 'reverse_lookups=double' or double_reverse_lookups=1'.
CVE-2013-1840 (The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Gr ...)
- glance 2012.1.1-5 (bug #703063)
CVE-2013-1839 (The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x befo ...)
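Review bot: in the third added NOTE line, double_reverse_lookups=1' ends with a closing quote that has no opening one, so the two option spellings are quoted inconsistently. Suggest writing 'reverse_lookups=double' or 'double_reverse_lookups=1' so both settings can be copied as they stand. Because the entry is now marked fixed while the checks stay off by default, the NOTE is the only place a reader learns the fix is opt-in, which makes getting the exact option strings right worthwhile.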
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30f36a86ed316a49820c803010dd0f937ab10fcf