[Secure-testing-commits] r58771 - data/CVE
Apollon Oikonomopoulos
apoikos at moszumanska.debian.org
Thu Dec 21 09:51:33 UTC 2017
Author: apoikos
Date: 2017-12-21 09:51:33 +0000 (Thu, 21 Dec 2017)
New Revision: 58771
Modified:
data/CVE/list
Log:
Add h2o CVE info
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-21 09:10:13 UTC (rev 58770)
+++ data/CVE/list 2017-12-21 09:51:33 UTC (rev 58771)
@@ -27588,8 +27588,10 @@
RESERVED
CVE-2017-10909
RESERVED
-CVE-2017-10908
- RESERVED
+CVE-2017-10908 (h2o 2.2.x: crash when handling malformed HTTP/2 request)
+ - h2o 2.2.4+dfsg-1 (medium)
+ NOTE: fixed in 2.2.4
+ NOTE: https://github.com/h2o/h2o/issues/1544
CVE-2017-10907
RESERVED
CVE-2017-10906 (Escape sequence injection vulnerability in Fluentd versions 0.12.29 ...)
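Review bot: In the new CVE-2017-10908 entry, the line "NOTE: fixed in 2.2.4" is lowercase while the other three h2o entries added in this commit write "NOTE: Fixed in ...". Suggest capitalizing it for consistency. The note also repeats the upstream version already carried by the fixed-version line "- h2o 2.2.4+dfsg-1 (medium)". The only reference is the upstream issue (#1544), so if a fixing commit is known, a NOTE linking to it would make the fix easier to verify or backport.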
@@ -27660,16 +27662,22 @@
NOT-FOR-US: PWR-Q200
CVE-2017-10873 (OpenAM (Open Source Edition) allows an attacker to bypass ...)
NOT-FOR-US: OpenAM
-CVE-2017-10872
- RESERVED
+CVE-2017-10872 (h2o: 2.2.x: crash when logging TLS 1.3 properties in h2o)
+ - h2o 2.2.4+dfsg-1 (medium)
+ NOTE: Fixed in 2.2.4
+ NOTE: https://github.com/h2o/h2o/issues/1543
CVE-2017-10871 (Buffer overflow in NTT DOCOMO Wi-Fi STATION L-02F Software version ...)
NOT-FOR-US: NTT DOCOMO Wi-Fi STATION L-02F Software
CVE-2017-10870 (Memory corruption vulnerability in Rakuraku Hagaki (Rakuraku Hagaki ...)
NOT-FOR-US: Rakuraku Hagaki
-CVE-2017-10869
- RESERVED
-CVE-2017-10868
- RESERVED
+CVE-2017-10869 (h2o 2.2.x: stack overflow when sending huge request body to upstream)
+ - h2o 2.2.3+dfsg-1 (medium)
+ NOTE: Fixed in 2.2.3
+ NOTE: https://github.com/h2o/h2o/issues/1460
+CVE-2017-10868 (h2o 2.2.x: crash when receiving HTTP/1 request with invalid framing)
+ - h2o 2.2.3+dfsg-1 (medium)
+ NOTE: Fixed in 2.2.3
+ NOTE: https://github.com/h2o/h2o/issues/1459
CVE-2017-10867
RESERVED
CVE-2017-10866
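Review bot: The CVE-2017-10872 description reads "h2o: 2.2.x: crash when logging TLS 1.3 properties in h2o", with an extra colon after "h2o" and a redundant trailing "in h2o". The other three entries use the form "h2o 2.2.x: ...", so suggest "h2o 2.2.x: crash when logging TLS 1.3 properties". For CVE-2017-10869, "stack overflow" does not say whether this is stack exhaustion or a stack buffer overflow. Since the entry is rated "(medium)" like the crash-only ones, a short NOTE stating which it is would help anyone triaging from this list without opening issue #1460.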