[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2019-20445/netty: reference complementary patch

Fri, 14 Feb 2020 10:27:40 -0800 


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
804e8584 by Sylvain Beucler at 2020-02-14T19:24:29+01:00
CVE-2019-20445/netty: reference complementary patch

- - - - -
d32b36d7 by Sylvain Beucler at 2020-02-14T19:26:32+01:00
dla: update netty status

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1233,6 +1233,7 @@ CVE-2019-20445 (HttpObjectDecoder.java in Netty before 
4.1.44 allows a Content-L
        - netty-3.9 <removed>
        NOTE: https://github.com/netty/netty/issues/9861
        NOTE: 
https://github.com/netty/netty/commit/8494b046ec7e4f28dbd44bc699cc4c4c92251729 
(4.1)
+       NOTE: 
https://github.com/netty/netty/commit/629034624626b722128e0fcc6b3ec9d406cb3706 
(4.1)
        NOTE: 
https://github.com/netty/netty/commit/5f68897880467c00f29495b0aa46ed19bf7a873c 
(tests)
 CVE-2019-20444 (HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP 
header th ...)
        - netty <unfixed> (bug #950966)


=====================================
data/dla-needed.txt
=====================================
@@ -44,10 +44,10 @@ linux (Ben Hutchings)
 linux-4.9 (Ben Hutchings)
 --
 netty (Sylvain Beucler)
-  NOTE: 20200131: Have not checked if the jessie code is vulnerable since the 
explicit patches could not
-  NOTE: 20200131: be found. So that remains. The issues however looks 
important enough to fix. (ola)
+  NOTE: 20200214: upstream's still refining the fix (beuc)
 --
 netty-3.9 (Sylvain Beucler)
+  NOTE: 20200214: upstream's still refining the fix (beuc)
 --
 nodejs
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/c9356c50a74e0e48c4a7a90bb40c057fe243f9fe...d32b36d7280109f7d6cb9eb24e1298eb4340de04

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/c9356c50a74e0e48c4a7a90bb40c057fe243f9fe...d32b36d7280109f7d6cb9eb24e1298eb4340de04
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to