Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f334013c by Salvatore Bonaccorso at 2019-04-07T19:10:04Z
Add various CVE fixes for apache2 via 2.4.38-3 upload to unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -28933,7 +28933,7 @@ CVE-2019-0221
CVE-2019-0220 [Apache httpd URL normalization inconsistincy]
RESERVED
{DSA-4422-1 DLA-1748-1}
- - apache2 <unfixed>
+ - apache2 2.4.38-3
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0220
NOTE: https://svn.apache.org/r1855737
NOTE: https://svn.apache.org/r1855751
@@ -28944,14 +28944,14 @@ CVE-2019-0218
CVE-2019-0217 [mod_auth_digest access control bypass]
RESERVED
{DSA-4422-1 DLA-1748-1}
- - apache2 <unfixed>
+ - apache2 2.4.38-3
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0217
NOTE: https://svn.apache.org/r1855298
CVE-2019-0216
RESERVED
CVE-2019-0215 [mod_ssl access control bypass]
RESERVED
- - apache2 <unfixed>
+ - apache2 2.4.38-3
[stretch] - apache2 <not-affected> (Vulnerable code introduced later)
[jessie] - apache2 <not-affected> (Vulnerable code introduced later)
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0215
@@ -28964,7 +28964,7 @@ CVE-2019-0212 (In all previously released Apache HBase
2.x versions (2.0.0-2.0.4
CVE-2019-0211 [Apache HTTP Server privilege escalation from modules' scripts]
RESERVED
{DSA-4422-1}
- - apache2 <unfixed>
+ - apache2 2.4.38-3
[jessie] - apache2 <not-affected> (Vulnerable code introduced later)
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0211
NOTE: https://svn.apache.org/r1855378
@@ -29001,14 +29001,14 @@ CVE-2019-0198
REJECTED
CVE-2019-0197 [mod_http2, possible crash on late upgrade]
RESERVED
- - apache2 <unfixed>
+ - apache2 2.4.38-3
[stretch] - apache2 <not-affected> (Vulnerable code introduced later)
[jessie] - apache2 <not-affected> (Vulnerable code introduced later)
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0197
CVE-2019-0196 [mod_http2, read-after-free on a string compare]
RESERVED
{DSA-4422-1}
- - apache2 <unfixed>
+ - apache2 2.4.38-3
[jessie] - apache2 <not-affected> (Vulnerable code introduced later)
NOTE: NOTE: HTTP/2 support introduced in 2.4.17
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0196
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f334013c2b80abe45e774e8724186451d3ad75c9
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/f334013c2b80abe45e774e8724186451d3ad75c9
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
