diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2020-07-06 17:58:19 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2020-07-06 17:58:19 +0200 |
commit | 7ac78dd934bea5f6ea8bc4a817873672c97e03db (patch) | |
tree | 04bc48f216847e6a0192eae1862e454f03612bb9 /data/CVE | |
parent | bfd99bdd15be5d14fa370f4d5427ed8dd25ce685 (diff) |
Add TODO item for CVE-2019-20892
It has been claimed that the issue does not affect 5.7.3, but this
should be proven first. While it is correct that the poc does not
trigger the issue, we need to find where the issue has been introduced.
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/list | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/data/CVE/list b/data/CVE/list index ace83345d9..7aa86de91b 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1380,6 +1380,7 @@ CVE-2019-20892 (net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStat NOTE: https://github.com/net-snmp/net-snmp/commit/87bd90d04f20dd3f73e3e7e631a442ccd419b9d3 NOTE: Extra patches to address memory leaks: NOTE: https://salsa.debian.org/debian/net-snmp/-/merge_requests/3 + TODO: It is claimed that the issue does not affect older versions than 5.8, but no source evidence has been yet shown CVE-2019-20891 (WooCommerce before 3.6.5, when it handles CSV imports of products, has ...) NOT-FOR-US: WooCommerce CVE-2020-14929 (Alpine before 2.23 silently proceeds to use an insecure connection aft ...) |