[Git][security-tracker-team/security-tracker][master] 2 commits: Add commit references for CVE-2019-11236/python-urllib3

Sat, 04 May 2019 14:30:02 -0700 


Roberto C. Sánchez pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b2dcc606 by Roberto C. Sánchez at 2019-05-04T21:28:40Z
Add commit references for CVE-2019-11236/python-urllib3

- - - - -
8c443eae by Roberto C. Sánchez at 2019-05-04T21:29:26Z
LTS, python-urllib3 status update

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1267,6 +1267,8 @@ CVE-2019-11237
 CVE-2019-11236 (In the urllib3 library through 1.24.1 for Python, CRLF 
injection is po ...)
        - python-urllib3 <unfixed> (bug #927172)
        NOTE: https://github.com/urllib3/urllib3/issues/1553
+       NOTE: 
https://github.com/urllib3/urllib3/commit/9b76785331243689a9d52cef3db05ef7462cb02d
+       NOTE: 
https://github.com/urllib3/urllib3/commit/efddd7e7bad26188c3b692d1090cba768afa9162
 CVE-2019-11235 (FreeRADIUS before 3.0.19 mishandles the "each participant 
verifies tha ...)
        - freeradius 3.0.17+dfsg-1.1 (bug #926958)
        [stretch] - freeradius <no-dsa> (Minor issue; plugin not enabled by 
default)


=====================================
data/dla-needed.txt
=====================================
@@ -101,7 +101,8 @@ poppler
   NOTE: 20190408: No known upstream patches available for remaining open CVEs 
(sunweaver)
 --
 python-urllib3 (Roberto C. Sánchez)
-  NOTE: 20190429: Waiting on upstream action for CVE-2019-9740 (roberto)
+  NOTE: 20190504: Upstream has committed fix for CVE-2019-11236; though, their 
commits, 9b76785 and efddd7e, reference CVE-2019-9740 (roberto)
+  NOTE: 20190504: Working now on backporting the fixes (roberto)
 --
 python2.7 (Roberto C. Sánchez)
   NOTE: 20190321: Patches integrated for CVE-2018-14647, CVE-2019-5010, and 
CVE-2019-9636



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/b92017b2fe50b94722fa0d184a85678f55f180ba...8c443eaecd2d581a4562232312472bdc001ea1ff

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/b92017b2fe50b94722fa0d184a85678f55f180ba...8c443eaecd2d581a4562232312472bdc001ea1ff
You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to