libusrsctp (0.9.3.0+20190901-1) vulnerabilities
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libusrsctp (Ubuntu) |
Expired
|
Undecided
|
Unassigned |
Bug Description
1) Focal Fossa 20.04 LTS
2) libusrsctp (0.9.3.
3) upgrade to 0.9.4.0 or 0.9.5.0
4) I've been in touch with Byron Campen by email who is in charge of the bug B1795697 (https:/
According to another direct contact I had with the Mozilla security team (Dan Veditz), the problems they found were mainly race conditions (https:/
The version in Ubuntu 20.04 is also affected by CVE-2019-20503.
Conclusion: versions 0.9.4.0 and 0.9.5.0 of the library would not be impacted. Previous versions are potentially impacted.
Alexandre
CVE References
information type: | Private Security → Public Security |
Changed in libusrsctp (Ubuntu): | |
status: | Confirmed → Incomplete |
tags: | added: focal |
description: | updated |
Thanks for the detailed information - I can't see a good reason to keep this bug private, would you mind if I make it publicly visible?