Discussion:
Bug#980007: tcmu: CVE-2020-28374
Add Reply
Salvatore Bonaccorso
2021-01-12 20:20:02 UTC
Reply
Permalink
Source: tcmu
Version: 1.5.2-5
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: ***@debian.org, Debian Security Team <***@security.debian.org>

Hi,

The following vulnerability was published for tcmu.

CVE-2020-28374[0]:
| Linux SCSI target (LIO) unrestricted copy offload

A patch was provided in [1] but at time of writing it does not apper
to be yet in the upstream repository.

Further information in [2].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-28374
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28374
[1] https://bugzilla.suse.com/show_bug.cgi?id=1180676
[2] https://www.openwall.com/lists/oss-security/2021/01/12/12

Regards,
Salvatore
Debian Bug Tracking System
2021-01-13 20:30:01 UTC
Reply
Permalink
retitle -1 tcmu: VE-2021-3139
Bug #980007 [src:tcmu] tcmu: CVE-2020-28374
Changed Bug title to 'tcmu: VE-2021-3139' from 'tcmu: CVE-2020-28374'.
--
980007: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980007
Debian Bug Tracking System
Contact ***@bugs.debian.org with problems
Salvatore Bonaccorso
2021-01-13 20:30:02 UTC
Reply
Permalink
Control: retitle -1 tcmu: VE-2021-3139
Post by Salvatore Bonaccorso
Source: tcmu
Version: 1.5.2-5
Severity: grave
Tags: security upstream
Justification: user security hole
Hi,
The following vulnerability was published for tcmu.
| Linux SCSI target (LIO) unrestricted copy offload
MITRE assigned a separate CVE for the tcmu issue as per
https://www.openwall.com/lists/oss-security/2021/01/13/5 .

Regards,
Salvatore

Loading...