author | Neil Williams <codehelp@debian.org> | 2021-11-01 12:05:30 +0000 |
---|---|---|
committer | Neil Williams <codehelp@debian.org> | 2021-11-01 12:05:30 +0000 |
commit | 3ebf1d9cb7673f2194d664a9b0a55d384ff0df68 (patch) | |
tree | fa7b958d4c6c27d26fbe49bec3691655bbcadfc0 | |
parent | 3b58922b8b7b0748e0b02c25152198e3025b491a (diff) |
Add notes on CVE-2020-27304/civetweb
-rw-r--r-- | data/CVE/2020.list | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list index ca6fcc1d40..3d1d50f614 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -9211,7 +9211,11 @@ CVE-2020-27306 CVE-2020-27305 RESERVED CVE-2020-27304 (The CivetWeb web library does not validate uploaded filepaths when run ...) - TODO: check + - civetweb 1.15+dfsg-1 + NOTE: vulnerable code is an example, not packaged by Debian but present in source package + NOTE: https://groups.google.com/g/civetweb/c/yPBxNXdGgJQ + NOTE: https://github.com/civetweb/civetweb/commit/b2ed60c589172b37f3d705c69d84313eeb8348b1 + NOTE: https://github.com/civetweb/civetweb/commit/e489ff4f05647126ffa62d3a54f50bf7b7380776#diff-da20af5c7c76edbce3228777f142173af544c0202af876e8d5618f839f9ab2ac CVE-2020-27303 RESERVED CVE-2020-27302 (A stack buffer overflow in Realtek RTL8710 (and other Ameba-based devi ...) |
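Review bot: The added `- civetweb 1.15+dfsg-1` line records a fixed version, but the first NOTE says the vulnerable code is an example that Debian does not package. Read together, the entry leaves unclear whether any binary package was ever affected. Consider stating on the package line itself that the issue is present only in the source package, so the version is not read as an upgrade users need. The two commit NOTEs also do not say which commit is the fix and which is related, and the second URL carries a long `#diff-` fragment that depends on the rendered view. Naming the affected example file in the NOTE would be more durable.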