
Re: [SECURITY] [DLA 3014-1] elog security update



Hi Utkarsh

Did you type the CVE-number wrong? The CVE is CVE-2020-8859, right?

Cheers

// Ola

On Wed, 18 May 2022 at 14:12, Utkarsh Gupta <guptautkarsh2102@gmail.com> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> - -----------------------------------------------------------------------
> Debian LTS Advisory DLA-3014-1              debian-lts@lists.debian.org
> https://www.debian.org/lts/security/                      Utkarsh Gupta
> May 18, 2022                                https://wiki.debian.org/LTS
> - -----------------------------------------------------------------------
>
> Package        : elog
> Version        : 3.1.2-1-1+deb9u1
> CVE ID         : CVE-2020-8659
>
> A vulnerability was reported in src:elog, a logbook system to manage
> notes through a Web interface. This vulnerability allows remote
> attackers to create a denial-of-service condition on affected
> installations of ELOG Electronic Logbook. Authentication is not
> required to exploit this vulnerability. The specific flaw exists
> within the processing of HTTP parameters. A crafted request can
> trigger the dereference of a null pointer. An attacker can leverage
> this vulnerability to create a denial-of-service condition.
>
> For Debian 9 stretch, this problem has been fixed in version
> 3.1.2-1-1+deb9u1.
>
> We recommend that you upgrade your elog packages.
>
> For the detailed security status of elog please refer to
> its security tracker page at:
> https://security-tracker.debian.org/tracker/elog
>
> Further information about Debian LTS security advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://wiki.debian.org/LTS
> -----BEGIN PGP SIGNATURE-----
>
> -----END PGP SIGNATURE-----
>


-- 
 --- Inguza Technology AB --- MSc in Information Technology ----
|  ola@inguza.com                    opal@debian.org            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
 ---------------------------------------------------------------

