[Secure-testing-team] Bug#760990: ntopng: Several vulnerabilities fixed upstream in 1.2.1
Salvatore Bonaccorso
carnil at debian.org
Tue Sep 9 18:06:58 UTC 2014
Source: ntopng
Severity: grave
Tags: security upstream fixed-upstream
Hi Ludovico,
Marking this bugreport as grave, as more information seem a bit
scarce, so was not able to identify the issues. There is an upstream
report [1] which mentions several fixes were done in ntopng 1.2.1.
[1] http://www.ntop.org/ndpi/released-ndpi-1-5-1-and-ntopng-1-2-1/
> Fixes for
> - CVE-2014-5464
> - CVE-2014-4329
Strangely this was marked as fixed in 1.2.0+dfsg1-1 in the security
tracker at [2]. Is this information correct?
[2] https://security-tracker.debian.org/tracker/CVE-2014-4329
> - CVE-2014-5511, CVE-2014-5512, CVE-2014-5513, CVE-2014-5514,
> CVE-2014-5515
No information referenced for these in the advisory.
Could you have a look at them and also clarify if CVE-2014-4329
version information is wrong in the tracker?
Regards,
Salvatore
More information about the Secure-testing-team
mailing list