Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: d0668b6b by Salvatore Bonaccorso at 2018-05-09T10:15:03+02:00 Cleanup haproxy entries after CVE-2018-1119 rejection in favour of CVE-2018-10184 - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -1593,6 +1593,12 @@ CVE-2018-10186 (In radare2 2.5.0, there is a heap-based buffer over-read in the CVE-2018-10185 (An issue was discovered in TuziCMS v2.0.6. There is a CSRF ...) NOT-FOR-US: TuziCMS CVE-2018-10184 (An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame ...) + - haproxy 1.8.8-1 + [stretch] - haproxy <not-affected> (Vulnerable code introduced later with HTTP/2 support) + [jessie] - haproxy <not-affected> (Vulnerable code introduced later with HTTP/2 support) + [wheezy] - haproxy <not-affected> (Vulnerable code introduced later with HTTP/2 support) + NOTE: http://git.haproxy.org/?p=haproxy.git;a=commit;h=3f0e1ec70173593f4c2b3681b26c04a4ed5fc588 + NOTE: http://git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=cd117685f0cff4f2f5577ef6a21eaae96ebd9f28 TODO: check CVE-2018-10183 (An issue was discovered in BigTree 4.2.22. There is cross-site ...) NOT-FOR-US: BigTree CMS @@ -26363,13 +26369,8 @@ CVE-2018-1121 RESERVED CVE-2018-1120 RESERVED -CVE-2018-1119 [Heap buffer overflow in mux_h2.c:h2_process_demux() can allow attackers to cause a denial of service] +CVE-2018-1119 REJECTED - - haproxy 1.8.8-1 - [stretch] - haproxy <not-affected> (Vulnerable code introduced later with HTTP/2 support) - [jessie] - haproxy <not-affected> (Vulnerable code introduced later with HTTP/2 support) - [wheezy] - haproxy <not-affected> (Vulnerable code introduced later with HTTP/2 support) - NOTE: http://git.haproxy.org/?p=haproxy.git;a=commitdiff;h=3f0e1ec70173593f4c2b3681b26c04a4ed5fc588 CVE-2018-1118 [vhost: Information disclosure in vhost/vhost.c:vhost_new_msg()] RESERVED - linux <unfixed> View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d0668b6b5527383f3742ea6d7cd6dac64ea1d282 --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d0668b6b5527383f3742ea6d7cd6dac64ea1d282 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits