Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits: dbc64cf1 by Thorsten Alteholz at 2020-05-03T19:51:53+02:00 add another commit to really fix CVE-2016-10711 - - - - - 7ca56dc6 by Thorsten Alteholz at 2020-05-03T19:54:21+02:00 Reserve DLA-2196-2 for pound - - - - - 2 changed files: - data/CVE/list - data/DLA/list Changes: ===================================== data/CVE/list ===================================== @@ -124484,6 +124484,8 @@ CVE-2016-10711 (Apsis Pound before 2.8a allows request smuggling via crafted hea NOTE: Fixed by https://build.opensuse.org/request/show/571084 NOTE: Confirmed that the SUSE patch is the security relevant diff between NOTE: version 2.7 and 2.8a + NOTE: an additional fix of the fix is needed to avoid that pound uses 100% CPU + NOTE: https://github.com/graygnuorg/pound/commit/c5a95780e2233a05ab3fb8b4eb8a9550f0c3b53c CVE-2018-6375 RESERVED CVE-2018-6374 (The GUI component (aka PulseUI) in Pulse Secure Desktop Linux clients ...) ===================================== data/DLA/list ===================================== @@ -1,3 +1,5 @@ +[03 May 2020] DLA-2196-2 pound - regression update + [jessie] - pound 2.6-6+deb8u3 [03 May 2020] DLA-2200-1 mailman - security update {CVE-2020-12137} [jessie] - mailman 1:2.1.18-2+deb8u5 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/972b0df5cc9f3302a51421ed2c29d7c09d6d5d5a...7ca56dc6b8546c3029be670ff0be210beff975c4 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/972b0df5cc9f3302a51421ed2c29d7c09d6d5d5a...7ca56dc6b8546c3029be670ff0be210beff975c4 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits