Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits: 804e8584 by Sylvain Beucler at 2020-02-14T19:24:29+01:00 CVE-2019-20445/netty: reference complementary patch - - - - - d32b36d7 by Sylvain Beucler at 2020-02-14T19:26:32+01:00 dla: update netty status - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -1233,6 +1233,7 @@ CVE-2019-20445 (HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-L - netty-3.9 <removed> NOTE: https://github.com/netty/netty/issues/9861 NOTE: https://github.com/netty/netty/commit/8494b046ec7e4f28dbd44bc699cc4c4c92251729 (4.1) + NOTE: https://github.com/netty/netty/commit/629034624626b722128e0fcc6b3ec9d406cb3706 (4.1) NOTE: https://github.com/netty/netty/commit/5f68897880467c00f29495b0aa46ed19bf7a873c (tests) CVE-2019-20444 (HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header th ...) - netty <unfixed> (bug #950966) ===================================== data/dla-needed.txt ===================================== @@ -44,10 +44,10 @@ linux (Ben Hutchings) linux-4.9 (Ben Hutchings) -- netty (Sylvain Beucler) - NOTE: 20200131: Have not checked if the jessie code is vulnerable since the explicit patches could not - NOTE: 20200131: be found. So that remains. The issues however looks important enough to fix. (ola) + NOTE: 20200214: upstream's still refining the fix (beuc) -- netty-3.9 (Sylvain Beucler) + NOTE: 20200214: upstream's still refining the fix (beuc) -- nodejs -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/c9356c50a74e0e48c4a7a90bb40c057fe243f9fe...d32b36d7280109f7d6cb9eb24e1298eb4340de04 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/c9356c50a74e0e48c4a7a90bb40c057fe243f9fe...d32b36d7280109f7d6cb9eb24e1298eb4340de04 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits