author | Neil Williams <codehelp@debian.org> | 2021-11-01 12:05:30 +0000 |
---|---|---|
committer | Neil Williams <codehelp@debian.org> | 2021-11-01 12:05:30 +0000 |
commit | 1c1b72513e9e27cd26a38b2fc6c89168a816db16 (patch) | |
tree | 99a92882b490129726dcdd2cb834528f22a4cfd7 | |
parent | 262a16c99521539949c88c5e52364bd717659a67 (diff) |
Add notes on CVE-2020-27304/civetweb
-rw-r--r-- | data/CVE/list.2020 | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/data/CVE/list.2020 b/data/CVE/list.2020 index ca6fcc1d40..3d1d50f614 100644 --- a/data/CVE/list.2020 +++ b/data/CVE/list.2020 @@ -9211,7 +9211,11 @@ CVE-2020-27306 CVE-2020-27305 RESERVED CVE-2020-27304 (The CivetWeb web library does not validate uploaded filepaths when run ...) - TODO: check + - civetweb 1.15+dfsg-1 + NOTE: vulnerable code is an example, not packaged by Debian but present in source package + NOTE: https://groups.google.com/g/civetweb/c/yPBxNXdGgJQ + NOTE: https://github.com/civetweb/civetweb/commit/b2ed60c589172b37f3d705c69d84313eeb8348b1 + NOTE: https://github.com/civetweb/civetweb/commit/e489ff4f05647126ffa62d3a54f50bf7b7380776#diff-da20af5c7c76edbce3228777f142173af544c0202af876e8d5618f839f9ab2ac CVE-2020-27303 RESERVED CVE-2020-27302 (A stack buffer overflow in Realtek RTL8710 (and other Ameba-based devi ...) |
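Review bot: The `- civetweb 1.15+dfsg-1` line records a fixed version with no severity tag, while the first NOTE says the vulnerable code is only an example that Debian does not ship in a binary package. If no binary package is affected, adding the tracker's `(unimportant)` tag to that line would stop suites carrying older source versions from being reported as needing a fix. The two commit NOTEs also give no hint of which one is the fix and which is supporting context, and the second relies on a `#diff-` fragment tied to GitHub's rendering; a short label on each (or naming the affected file in the NOTE) would make the entry easier to audit later.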