[SECURITY] [DLA 3014-1] elog security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3014-1] elog security update
From: Utkarsh Gupta <guptautkarsh2102@gmail.com>
Date: Wed, 18 May 2022 17:41:06 +0530
Message-id: <[🔎] CAPP0f95f=1rwfyDM-OGqsrM3LhjW+zeVG1pfbxqL_Ei=fyBuqA@mail.gmail.com>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -----------------------------------------------------------------------
Debian LTS Advisory DLA-3014-1              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Utkarsh Gupta
May 18, 2022                                https://wiki.debian.org/LTS
- -----------------------------------------------------------------------

Package        : elog
Version        : 3.1.2-1-1+deb9u1
CVE ID         : CVE-2020-8659

A vulnerability was reported in src:elog, a logbook system to manage
notes through a Web interface. This vulnerability allows remote
attackers to create a denial-of-service condition on affected
installations of ELOG Electronic Logbook. Authentication is not
required to exploit this vulnerability. The specific flaw exists
within the processing of HTTP parameters. A crafted request can
trigger the dereference of a null pointer. An attacker can leverage
this vulnerability to create a denial-of-service condition.

For Debian 9 stretch, this problem has been fixed in version
3.1.2-1-1+deb9u1.

We recommend that you upgrade your elog packages.

For the detailed security status of elog please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/elog

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmKE4hEACgkQgj6WdgbD
S5YffBAA6FRlAhak9z7kNxLXDGJCqTInUpv6QHk4Bau991xpCx4Cau0DsXY08P2c
5xAbgOaT2kD6TPT/wptkH7E0SyDJ4p2EjNWEHGSNV9eVAGBd+sP4AbpDeRf/caXZ
GZkScCf5+PyVxD5YdyidF3HvRcJOPepIyT+eRx+6zx0vja7TCywpy4rqYFFOpEdm
4O/aO7QhtCZNa2TI07SL8Gh3PcA7cveW6k4janMx4AZCDY+zcGeP4ySSHmaKjAE7
4xJbuo17q7AVGozzFuaMZoZD0z955/t1mYTUX864JCFpVoBJCbHxyaTCpy0pqD3/
bRnBSrgZM2hCSlKaKOMo6Y0gpS4RGYi1uA/TQVrF11c6mNFZ7usbmbqsK3gvonOf
5Y7HRXavVCCfU/XUoh30GTMGmfdo7HQLwdFCOu8yTZvyDBxjoLP3irciD3agrixW
4yn3HHp4z8xj0iiegmpObyle77DKXBRRIftwEXZGwHl98LIXcqVJARWNMvZWTtjD
oVl6BeQSOSgeKf21psRzcv/QYS2Wd4hPBKtLVYNjbv3iBhbLZK3IMDbbHXT17JP7
0VxQnHG5d9wb3Edc20YvG5Sz/zNYGz/Ybjleu10DTgj4eNCN839RgKkrpZNttRCe
dYPf2u8xbF9SsJNVKeAUgOcj1kmN34rKBNphrne66+Wxl44e3T8=
=/o3p
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3013-1] needrestart security update
Next by Date: [SECURITY] [DLA 3015-1] ark security update
Previous by thread: [SECURITY] [DLA 3013-1] needrestart security update
Next by thread: [SECURITY] [DLA 3015-1] ark security update
Index(es):
- Date
- Thread