Thorsten Alteholz pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
dbc64cf1 by Thorsten Alteholz at 2020-05-03T19:51:53+02:00
add another commit to really fix CVE-2016-10711
- - - - -
7ca56dc6 by Thorsten Alteholz at 2020-05-03T19:54:21+02:00
Reserve DLA-2196-2 for pound
- - - - -
2 changed files:
- data/CVE/list
- data/DLA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -124484,6 +124484,8 @@ CVE-2016-10711 (Apsis Pound before 2.8a allows
request smuggling via crafted hea
NOTE: Fixed by https://build.opensuse.org/request/show/571084
NOTE: Confirmed that the SUSE patch is the security relevant diff
between
NOTE: version 2.7 and 2.8a
+ NOTE: an additional fix of the fix is needed to avoid that pound uses
100% CPU
+ NOTE:
https://github.com/graygnuorg/pound/commit/c5a95780e2233a05ab3fb8b4eb8a9550f0c3b53c
CVE-2018-6375
RESERVED
CVE-2018-6374 (The GUI component (aka PulseUI) in Pulse Secure Desktop Linux
clients ...)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,5 @@
+[03 May 2020] DLA-2196-2 pound - regression update
+ [jessie] - pound 2.6-6+deb8u3
[03 May 2020] DLA-2200-1 mailman - security update
{CVE-2020-12137}
[jessie] - mailman 1:2.1.18-2+deb8u5
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/972b0df5cc9f3302a51421ed2c29d7c09d6d5d5a...7ca56dc6b8546c3029be670ff0be210beff975c4
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/972b0df5cc9f3302a51421ed2c29d7c09d6d5d5a...7ca56dc6b8546c3029be670ff0be210beff975c4
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
