[Git][security-tracker-team/security-tracker][master] Concluded that CVE-2018-21245 was already corrected in jessie.

Sat, 27 Jun 2020 14:45:40 -0700 


Ola Lundqvist pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2ebee5f4 by Ola Lundqvist at 2020-06-27T23:44:25+02:00
Concluded that CVE-2018-21245 was already corrected in jessie.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2999,10 +2999,12 @@ CVE-2018-21246 (Caddy before 0.10.13 mishandles TLS 
client authentication, as de
 CVE-2018-21245 (Pound before 2.8 allows HTTP request smuggling, a related 
issue to CVE ...)
        - pound 2.8-2
        [stretch] - pound 2.7-1.3+deb9u1
+       [jessie] - pound 2.6-6+deb8u2
        NOTE: 
https://admin.hostpoint.ch/pipermail/pound_apsis.ch/2018-May/000054.html
        NOTE: The exact scope of CVE-2018-21245 (a related issue to 
CVE-2016-10711) was
        NOTE: as well fixed with the same changes as done upstream for 2.8. The 
backport
        NOTE: for 2.7 was a backport of all security relevant changes between 
2.7 and 2.8.
+       NOTE: The same corrections were made in 2.6 version for jessie so fixed 
in that too.
 CVE-2017-18869 (A TOCTOU issue in the chownr package before 1.1.0 for Node.js 
10.10 co ...)
        - node-chownr 1.1.1-1 (bug #909024)
        NOTE: https://github.com/isaacs/chownr/issues/14


=====================================
data/dla-needed.txt
=====================================
@@ -105,9 +105,6 @@ perl (Abhijith PA)
 php5 (Thorsten Alteholz)
   NOTE: 20200621: testing package (thorsten)
 --
-pound (Ola Lundqvist)
-  NOTE: 20200619: No explicit patch mentioned. Needs deeper research.
---
 python3.4 (Sylvain Beucler)
   NOTE: 20200623: waiting for CVE-2020-14422's patch to be approved upstream
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ebee5f4c4e2f2eccfd8b53040bab38a6ccf867e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ebee5f4c4e2f2eccfd8b53040bab38a6ccf867e
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to