Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0c329cbc by Salvatore Bonaccorso at 2020-01-10T14:26:12+01:00
Add Debian bug reference for CVE-2019-20372/nginx
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -37,7 +37,7 @@ CVE-2019-20375 (A cross-site scripting (XSS) vulnerability in
Electronic Logbook
CVE-2019-20374 (A mutation cross-site scripting (XSS) issue in Typora through
0.9.9.31 ...)
NOT-FOR-US: Typora
CVE-2019-20372 (NGINX before 1.17.7, with certain error_page configurations,
allows HT ...)
- - nginx <unfixed> (low)
+ - nginx <unfixed> (low; bug #948579)
[buster] - nginx <no-dsa> (Minor issue)
[stretch] - nginx <no-dsa> (Minor issue)
NOTE:
https://bertjwregeer.keybase.pub/2019-12-10%20-%20error_page%20request%20smuggling.pdf
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0c329cbcfa7e3a5251d03a6f9c069f313bd5c1f1
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/0c329cbcfa7e3a5251d03a6f9c069f313bd5c1f1
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
