| Summary: | libndpi securty issue CVE-2020-15475 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Zombie Ryushu <zombie_ryushu> |
| Component: | Security | Assignee: | Stig-Ørjan Smelror <smelror> |
| Status: | RESOLVED OLD | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | mageia, ouaurelien |
| Version: | 7 | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://nvd.nist.gov/vuln/detail/CVE-2020-15475 | ||
| Whiteboard: | |||
| Source RPM: | libndpi-2.6-2.mga8.src.rpm | CVE: | CVE-2020-15475 |
| Status comment: | Fixed upstream in 3.4, updating would require updating ntopng | ||
|
Description
Zombie Ryushu
2020-12-06 02:54:02 CET
Zombie Ryushu
2020-12-06 02:54:35 CET
CVE:
(none) =>
CVE-2020-15475 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15475 Source RPM:
ndpi-1.4.0-0.1.svn7329.3.mga5.src =>
libndpi-2.6-2.mga8.src.rpm Hi, thanks for reporting this bug. Assigned to the package maintainer. (Please set the status to 'assigned' if you are working on it) CC:
(none) =>
ouaurelien updating to latest version to fix this CVE in cauldron. can we do the update on mageia 7 ? CC:
(none) =>
mageia libndpi-3.4-1.mga8 is the updated version in Cauldron. It's only used by ntopng, so as long as the updated version works with that in Mageia 7, then we're good. It looks like 3.4 updates the library major, so we'd have to rebuild ntopng if we updated it. Summary:
ndpi securty issue CVE-2020-15475 =>
libndpi securty issue CVE-2020-15475
David Walser
2020-12-28 19:14:18 CET
Status comment:
(none) =>
Fixed upstream in 3.4, updating would require updating ntopng https://blog.mageia.org/en/2021/06/08/mageia-7-will-reach-end-of-support-on-30th-of-june-the-king-is-dead-long-live-the-king/ Status:
NEW =>
RESOLVED |