[Git][security-tracker-team/security-tracker][master] Update status for CVE-2016-1133/h2o

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9b4eee23 by Salvatore Bonaccorso at 2018-07-29T04:12:27Z
Update status for CVE-2016-1133/h2o

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -118890,7 +118890,10 @@ CVE-2016-1135 (Cross-site scripting (XSS) 
vulnerability on BUFFALO BHR-4GRV2 dev
 CVE-2016-1134 (Cross-site request forgery (CSRF) vulnerability on BUFFALO 
BHR-4GRV2 ...)
        NOT-FOR-US: BUFFALO
 CVE-2016-1133 (CRLF injection vulnerability in the on_req function in ...)
-       NOT-FOR-US: H2O
+       - h2o <not-affected> (Fixed before initial upload to Debian)
+       NOTE: https://github.com/h2o/h2o/issues/682
+       NOTE: https://github.com/h2o/h2o/issues/684
+       NOTE: https://github.com/h2o/h2o/pull/684
 CVE-2016-1132 (Shoplat App for iOS 1.10.00 through 1.18.00 does not properly 
verify ...)
        NOT-FOR-US: Shoplat App
 CVE-2016-1131 (Buffer overflow in the CL_vsprintf function in Takumi Yamada DX 
...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9b4eee238e0590eefa9784d8228a672e429a442a

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9b4eee238e0590eefa9784d8228a672e429a442a
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits