Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9e4b71c5 by Salvatore Bonaccorso at 2021-09-13T21:45:51+02:00
Add references for CVE-2020-11080/nghttp2
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -102991,9 +102991,13 @@ CVE-2020-11081 (osquery before version 4.4.0 enables
a privilege escalation vuln
- osquery <itp> (bug #803502)
CVE-2020-11080 (In nghttp2 before version 1.41.0, the overly large HTTP/2
SETTINGS fra ...)
{DSA-4696-1}
+ - nghttp2 1.41.0-1
- nodejs 10.21.0~dfsg-1 (bug #962145)
[stretch] - nodejs <ignored> (Nodejs in stretch not covered by security
support)
[jessie] - nodejs <end-of-life> (Nodejs in jessie not covered by
security support)
+ NOTE:
https://github.com/nghttp2/nghttp2/security/advisories/GHSA-q5wr-xfw9-q7xr
+ NOTE:
https://github.com/nghttp2/nghttp2/commit/336a98feb0d56b9ac54e12736b18785c27f75090
(v1.41.0)
+ NOTE:
https://github.com/nghttp2/nghttp2/commit/f8da73bd042f810f34d19f9eae02b46d870af394
(v1.41.0)
NOTE:
https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/#http-2-large-settings-frame-dos-low-cve-2020-11080
CVE-2020-11079 (node-dns-sync (npm module dns-sync) through 0.2.0 allows
execution of ...)
NOT-FOR-US: dns-sync nodejs module
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e4b71c544ff10d00abd2a8937d6355134f27a29
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e4b71c544ff10d00abd2a8937d6355134f27a29
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
