Description: "nfdump 1.6.16 and earlier is affected by: Buffer Overflow. The impact is: The impact could range from a denial of service to local code execution. The component is: nfx.c:546, nffile_inline.c:83, minilzo.c (redistributed). The attack vector is: nfdump must read and process a specially crafted file. The fixed version is: after commit 9f0fe9563366f62a71d34c92229da3432ec5cf0e." Patch: https://github.com/phaag/nfdump/commit/9f0fe9563366f62a71d34c92229da3432ec5cf0e
2) CVE-2019-14459 Description: "nfdump 1.6.17 and earlier is affected by an integer overflow in the function Process_ipfix_template_withdraw in ipfix.c that can be abused in order to crash the process remotely (denial of service)." Bug: https://github.com/phaag/nfdump/issues/171 Patch: https://github.com/phaag/nfdump/commit/3b006ededaf351f1723aea6c727c9edd1b1fff9b
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
New GLSA request filed.
This issue was resolved and addressed in GLSA 202003-17 at https://security.gentoo.org/glsa/202003-17 by GLSA coordinator Thomas Deutschmann (whissi).
Re-opening for cleanup.
Resetting sanity check; keywords are not fully specified and arches are not CC-ed.
@maintainer(s), ping, please cleanup