[Secure-testing-commits] r58771 - data/CVE

Apollon Oikonomopoulos apoikos at moszumanska.debian.org
Thu Dec 21 09:51:33 UTC 2017


Author: apoikos
Date: 2017-12-21 09:51:33 +0000 (Thu, 21 Dec 2017)
New Revision: 58771

Modified:
   data/CVE/list
Log:
Add h2o CVE info


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-12-21 09:10:13 UTC (rev 58770)
+++ data/CVE/list	2017-12-21 09:51:33 UTC (rev 58771)
@@ -27588,8 +27588,10 @@
 	RESERVED
 CVE-2017-10909
 	RESERVED
-CVE-2017-10908
-	RESERVED
+CVE-2017-10908 (h2o 2.2.x: crash when handling malformed HTTP/2 request)
+	- h2o 2.2.4+dfsg-1 (medium)
+	NOTE: fixed in 2.2.4
+	NOTE: https://github.com/h2o/h2o/issues/1544
 CVE-2017-10907
 	RESERVED
 CVE-2017-10906 (Escape sequence injection vulnerability in Fluentd versions 0.12.29 ...)
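Review bot: The note under CVE-2017-10908 reads "NOTE: fixed in 2.2.4" in lowercase, while the other h2o entries in this commit write "NOTE: Fixed in ..."; capitalise it so the entries match. The upstream fixed version is also already implied by the package line "- h2o 2.2.4+dfsg-1 (medium)", so the note could be dropped or reworded to say what it adds, for example that 2.2.4 is the upstream release containing the fix for issue 1544.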
@@ -27660,16 +27662,22 @@
 	NOT-FOR-US: PWR-Q200
 CVE-2017-10873 (OpenAM (Open Source Edition) allows an attacker to bypass ...)
 	NOT-FOR-US: OpenAM
-CVE-2017-10872
-	RESERVED
+CVE-2017-10872 (h2o: 2.2.x: crash when logging TLS 1.3 properties in h2o)
+	- h2o 2.2.4+dfsg-1 (medium)
+	NOTE: Fixed in 2.2.4
+	NOTE: https://github.com/h2o/h2o/issues/1543
 CVE-2017-10871 (Buffer overflow in NTT DOCOMO Wi-Fi STATION L-02F Software version ...)
 	NOT-FOR-US: NTT DOCOMO Wi-Fi STATION L-02F Software
 CVE-2017-10870 (Memory corruption vulnerability in Rakuraku Hagaki (Rakuraku Hagaki ...)
 	NOT-FOR-US: Rakuraku Hagaki
-CVE-2017-10869
-	RESERVED
-CVE-2017-10868
-	RESERVED
+CVE-2017-10869 (h2o 2.2.x: stack overflow when sending huge request body to upstream)
+	- h2o 2.2.3+dfsg-1 (medium)
+	NOTE: Fixed in 2.2.3
+	NOTE: https://github.com/h2o/h2o/issues/1460
+CVE-2017-10868 (h2o 2.2.x: crash when receiving HTTP/1 request with invalid framing)
+	- h2o 2.2.3+dfsg-1 (medium)
+	NOTE: Fixed in 2.2.3
+	NOTE: https://github.com/h2o/h2o/issues/1459
 CVE-2017-10867
 	RESERVED
 CVE-2017-10866
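Review bot: The description for CVE-2017-10872 is formatted differently from the other three h2o entries: it starts "h2o: 2.2.x:" with an extra colon and ends with a redundant "in h2o". Suggest "CVE-2017-10872 (h2o 2.2.x: crash when logging TLS 1.3 properties)" to match the "h2o 2.2.x:" prefix used for CVE-2017-10869 and CVE-2017-10868. Separately, all of the new entries are marked "(medium)" with no NOTE explaining the urgency; since the descriptions cover both plain crashes and a stack overflow, a short justification per entry would help anyone triaging later.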



