CVE-2020-5202 is reserved but details are available on the oss-security ml.
According to the [URL] <net-misc/apt-cacher-ng-3.3.1_p2 are vulnerable.
The changes in Debian patch level 2 concern mostly the runtime configuration files which the ebuilds do not install. Upstream is working toward[0] more general changes to mitigate the issue. I guess we'll have to wait for an official release. [0] https://salsa.debian.org/blade/apt-cacher-ng/commit/3b91874b0c099b0ded1a94f1784fe1265082efbc
um, like that
CVE-2020-5202 (https://nvd.nist.gov/vuln/detail/CVE-2020-5202): apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit SocketPath=/var/run/apt-cacher-ng/socket command-line option is passed. The cron job /etc/cron.daily/apt-cacher-ng (which is active by default) attempts this periodically. Because 3142 is an unprivileged port, any local user can try to bind to this port and will receive requests from acngtool. There can be sensitive data in these requests, e.g., if AdminAuth is enabled in /etc/apt-cacher-ng/security.conf. This sensitive data can leak to unprivileged local users that manage to bind to this port before the apt-cacher-ng daemon can.
URL references commit 3b91874b, looks like we may be good here now?: apt-cacher-ng $ git tag --contains=3b91874b debian/3.3.1-1 debian/3.3.1-2 debian/3.3.1-2_bpo10+1 debian/3.3.1-2_bpo9+1 debian/3.4-1 debian/3.5-1 upstream/3.4
(In reply to John Helmert III (ajak) from comment #5) > URL references commit 3b91874b, looks like we may be good here now?: > > apt-cacher-ng $ git tag --contains=3b91874b > debian/3.3.1-1 > debian/3.3.1-2 > debian/3.3.1-2_bpo10+1 > debian/3.3.1-2_bpo9+1 > debian/3.4-1 > debian/3.5-1 > upstream/3.4 debian/3.3.1-1 was first in tree before this bug was filed and cleanup is long done. All done here.