Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker
Commits: 2ebee5f4 by Ola Lundqvist at 2020-06-27T23:44:25+02:00 Concluded that CVE-2018-21245 was already corrected in jessie. - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -2999,10 +2999,12 @@ CVE-2018-21246 (Caddy before 0.10.13 mishandles TLS client authentication, as de CVE-2018-21245 (Pound before 2.8 allows HTTP request smuggling, a related issue to CVE ...) - pound 2.8-2 [stretch] - pound 2.7-1.3+deb9u1 + [jessie] - pound 2.6-6+deb8u2 NOTE: https://admin.hostpoint.ch/pipermail/pound_apsis.ch/2018-May/000054.html NOTE: The exact scope of CVE-2018-21245 (a related issue to CVE-2016-10711) was NOTE: as well fixed with the same changes as done upstream for 2.8. The backport NOTE: for 2.7 was a backport of all security relevant changes between 2.7 and 2.8. + NOTE: The same corrections were made in 2.6 version for jessie so fixed in that too. CVE-2017-18869 (A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 co ...) - node-chownr 1.1.1-1 (bug #909024) NOTE: https://github.com/isaacs/chownr/issues/14 ===================================== data/dla-needed.txt ===================================== @@ -105,9 +105,6 @@ perl (Abhijith PA) php5 (Thorsten Alteholz) NOTE: 20200621: testing package (thorsten) -- -pound (Ola Lundqvist) - NOTE: 20200619: No explicit patch mentioned. Needs deeper research. --- python3.4 (Sylvain Beucler) NOTE: 20200623: waiting for CVE-2020-14422's patch to be approved upstream -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ebee5f4c4e2f2eccfd8b53040bab38a6ccf867e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ebee5f4c4e2f2eccfd8b53040bab38a6ccf867e You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits