Hi Utkarsh Did you type the CVE-number wrong? The CVE is CVE-2020-8859, right?
Cheers // Ola On Wed, 18 May 2022 at 14:12, Utkarsh Gupta <guptautkarsh2...@gmail.com> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > - ----------------------------------------------------------------------- > Debian LTS Advisory DLA-3014-1 debian-lts@lists.debian.org > https://www.debian.org/lts/security/ Utkarsh Gupta > May 18, 2022 https://wiki.debian.org/LTS > - ----------------------------------------------------------------------- > > Package : elog > Version : 3.1.2-1-1+deb9u1 > CVE ID : CVE-2020-8659 > > A vulnerability was reported in src:elog, a logbook system to manage > notes through a Web interface. This vulnerability allows remote > attackers to create a denial-of-service condition on affected > installations of ELOG Electronic Logbook. Authentication is not > required to exploit this vulnerability. The specific flaw exists > within the processing of HTTP parameters. A crafted request can > trigger the dereference of a null pointer. An attacker can leverage > this vulnerability to create a denial-of-service condition. > > For Debian 9 stretch, this problem has been fixed in version > 3.1.2-1-1+deb9u1. > > We recommend that you upgrade your elog packages. > > For the detailed security status of elog please refer to > its security tracker page at: > https://security-tracker.debian.org/tracker/elog > > Further information about Debian LTS security advisories, how to apply > these updates to your system and frequently asked questions can be > found at: https://wiki.debian.org/LTS > -----BEGIN PGP SIGNATURE----- > > iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmKE4hEACgkQgj6WdgbD > S5YffBAA6FRlAhak9z7kNxLXDGJCqTInUpv6QHk4Bau991xpCx4Cau0DsXY08P2c > 5xAbgOaT2kD6TPT/wptkH7E0SyDJ4p2EjNWEHGSNV9eVAGBd+sP4AbpDeRf/caXZ > GZkScCf5+PyVxD5YdyidF3HvRcJOPepIyT+eRx+6zx0vja7TCywpy4rqYFFOpEdm > 4O/aO7QhtCZNa2TI07SL8Gh3PcA7cveW6k4janMx4AZCDY+zcGeP4ySSHmaKjAE7 > 4xJbuo17q7AVGozzFuaMZoZD0z955/t1mYTUX864JCFpVoBJCbHxyaTCpy0pqD3/ > bRnBSrgZM2hCSlKaKOMo6Y0gpS4RGYi1uA/TQVrF11c6mNFZ7usbmbqsK3gvonOf > 5Y7HRXavVCCfU/XUoh30GTMGmfdo7HQLwdFCOu8yTZvyDBxjoLP3irciD3agrixW > 4yn3HHp4z8xj0iiegmpObyle77DKXBRRIftwEXZGwHl98LIXcqVJARWNMvZWTtjD > oVl6BeQSOSgeKf21psRzcv/QYS2Wd4hPBKtLVYNjbv3iBhbLZK3IMDbbHXT17JP7 > 0VxQnHG5d9wb3Edc20YvG5Sz/zNYGz/Ybjleu10DTgj4eNCN839RgKkrpZNttRCe > dYPf2u8xbF9SsJNVKeAUgOcj1kmN34rKBNphrne66+Wxl44e3T8= > =/o3p > -----END PGP SIGNATURE----- > -- --- Inguza Technology AB --- MSc in Information Technology ---- | o...@inguza.com o...@debian.org | | http://inguza.com/ Mobile: +46 (0)70-332 1551 | ---------------------------------------------------------------
