openconnect: buffer overflow in certificate handling (CVE-2020-12823)

Debian Bug report logs - #960620

Reported by: Luca Boccassi <bluca@debian.org>

Date: Thu, 14 May 2020 17:54:01 UTC

Severity: important

Tags: pending, security, upstream

Found in versions openconnect/6.00-1, openconnect/7.08-1+deb9u1, openconnect/8.02-1+deb10u1, openconnect/8.09-1

Fixed in version 6.00-2+deb8u2

Forwarded to https://gitlab.com/openconnect/openconnect/-/merge_requests/108



Report forwarded to debian-bugs-dist@lists.debian.org, Mike Miller <mtmiller@debian.org>:
Bug#960620; Package openconnect. (Thu, 14 May 2020 17:54:03 GMT)


Acknowledgement sent to Luca Boccassi <bluca@debian.org>:
New Bug report received and forwarded. Copy sent to Mike Miller <mtmiller@debian.org>. (Thu, 14 May 2020 17:54:03 GMT)


Message #5 received at submit@bugs.debian.org:

From: Luca Boccassi <bluca@debian.org>
To: "submit@bugs.debian.org" <submit@bugs.debian.org>
Subject: openconnect: buffer overflow in certificate handling (CVE-2020-12823)
Date: Thu, 14 May 2020 18:50:57 +0100
[Message part 1 (text/plain, inline)]
Package: openconnect
Version: 6.00-1
Severity: important
Tags: security

Openconnect is affected by a buffer overflow in certificate handling
that goes back at least to 6.00-1 (old-old-stable).

Fixed upstream by:

https://gitlab.com/openconnect/openconnect/-/merge_requests/108

-- 
Kind regards,
Luca Boccassi
[signature.asc (application/pgp-signature, inline)]

Message sent on to Luca Boccassi <bluca@debian.org>:
Bug#960620. (Thu, 14 May 2020 18:21:09 GMT)


Message #8 received at 960620-submitter@bugs.debian.org:

From: Luca Boccassi <noreply@salsa.debian.org>
To: 960620-submitter@bugs.debian.org
Subject: Bug#960620 marked as pending in openconnect
Date: Thu, 14 May 2020 18:18:12 +0000
Control: tag -1 pending

Hello,

Bug #960620 in openconnect reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/debian/openconnect/-/commit/6a08dff61901e6cf1ff1f1840f3af97f4b10bbfc

------------------------------------------------------------------------
Backport patch to fix CVE-2020-12823

Closes: #960620
------------------------------------------------------------------------

(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/960620



Added tag(s) pending. Request was from Luca Boccassi <noreply@salsa.debian.org> to 960620-submitter@bugs.debian.org. (Thu, 14 May 2020 18:21:09 GMT)


Added tag(s) upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 14 May 2020 19:27:03 GMT)


Set Bug forwarded-to-address to 'https://gitlab.com/openconnect/openconnect/-/merge_requests/108'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 14 May 2020 19:27:03 GMT)


Marked as found in versions openconnect/8.09-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 14 May 2020 19:36:02 GMT)


Marked as found in versions openconnect/8.02-1+deb10u1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 14 May 2020 19:36:02 GMT)


Marked as found in versions openconnect/7.08-1+deb9u1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 14 May 2020 19:36:03 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Mike Miller <mtmiller@debian.org>:
Bug#960620; Package openconnect. (Thu, 14 May 2020 22:00:05 GMT)


Acknowledgement sent to Luca Boccassi <bluca@debian.org>:
Extra info received and forwarded to list. Copy sent to Mike Miller <mtmiller@debian.org>. (Thu, 14 May 2020 22:00:05 GMT)


Message #25 received at 960620@bugs.debian.org:

From: Luca Boccassi <bluca@debian.org>
To: 960620@bugs.debian.org
Cc: security@debian.org
Subject: Re: openconnect: buffer overflow in certificate handling (CVE-2020-12823)
Date: Thu, 14 May 2020 22:57:44 +0100
[Message part 1 (text/plain, inline)]
On Thu, 2020-05-14 at 18:50 +0100, Luca Boccassi wrote:
> Package: openconnect
> Version: 6.00-1
> Severity: important
> Tags: security
> 
> Openconnect is affected by a buffer overflow in certificate handling,
> that goes back at least to 6.00-1 (old-old-stable).
> 
> Fixed upstream by:
> 
> https://gitlab.com/openconnect/openconnect/-/merge_requests/108

Dear security team,

I uploaded to old-old-stable on request from the LTS team. How would
you like to handle stable and old-stable?

-- 
Kind regards,
Luca Boccassi
[signature.asc (application/pgp-signature, inline)]

Marked as fixed in versions 6.00-2+deb8u2. Request was from Luca Boccassi <bluca@debian.org> to control@bugs.debian.org. (Fri, 15 May 2020 09:54:07 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri May 15 10:20:13 2020; Machine Name: buxtehude
