[Secure-testing-commits] r58986 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Dec 28 09:06:37 UTC 2017
Author: carnil
Date: 2017-12-28 09:06:37 +0000 (Thu, 28 Dec 2017)
New Revision: 58986
Modified:
data/CVE/list
Log:
Add bug reference for CVE-2017-7559, #885576
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-12-28 08:59:39 UTC (rev 58985)
+++ data/CVE/list 2017-12-28 09:06:37 UTC (rev 58986)
@@ -38230,8 +38230,8 @@
NOTE: Introduced by: https://github.com/spacewalkproject/spacewalk/commit/75d9c00b96ab430221c5c7668baebebc74ddd67e
CVE-2017-7559 [HTTP Request smuggling vulnerability (incomplete fix of CVE-2017-2666)]
RESERVED
- - undertow <undetermined>
- NOTE: For an incomplete fix of CVE-2017-2666
+ - undertow <unfixed> (bug #885576)
+ NOTE: CVE is for an incomplete fix of CVE-2017-2666
NOTE: Invalid characters were still allowed in the query string and path parameters.
TODO: check, asked for clarification to Red Hat: https://bugzilla.redhat.com/show_bug.cgi?id=1481665#c7
CVE-2017-7558 [sctp: out-of-bounds read in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info()]
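Review bot: The status on the undertow line moves from "<undetermined>" to "<unfixed>", but the unchanged "TODO: check, asked for clarification to Red Hat" line directly below it still marks the entry as awaiting an answer, so the two now read inconsistently. If filing bug #885576 settles that undertow is affected, drop or reword the TODO in the same change; if the clarification is still pending, add a NOTE saying on what basis the package is treated as unfixed. The log message also mentions only the bug reference, while the hunk changes the status and rewords the "incomplete fix" NOTE as well; naming the status change in the log would make the history easier to follow.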