[Git][security-tracker-team/security-tracker][master] Update apache2 CVEs CVE-2019-0217, CVE-2019-0220 and CVE-2019-0211

Jonas Meurer gitlab at salsa.debian.org
Tue Apr 2 15:49:50 BST 2019 


Jonas Meurer pushed to branch master at Debian Security Tracker / security-tracker


Commits:
520452b2 by Jonas Meurer at 2019-04-02T14:49:33Z
Update apache2 CVEs CVE-2019-0217, CVE-2019-0220 and CVE-2019-0211

* Mark jessie as not-affected for CVE-2019-0211
* Add notes to CVE-2019-0217 and CVE-2019-0220

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -28294,6 +28294,7 @@ CVE-2019-0220 [Apache httpd URL normalization inconsistincy]
 	RESERVED
 	- apache2 <unfixed>
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0220
+        NOTE: https://svn.apache.org/r1855737 and https://svn.apache.org/r1855853
 CVE-2019-0219
 	RESERVED
 CVE-2019-0218
@@ -28302,6 +28303,7 @@ CVE-2019-0217 [mod_auth_digest access control bypass]
 	RESERVED
 	- apache2 <unfixed>
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0217
+        NOTE: https://svn.apache.org/r1855298
 CVE-2019-0216
 	RESERVED
 CVE-2019-0215 [mod_ssl access control bypass]
@@ -28319,6 +28321,7 @@ CVE-2019-0212 (In all previously released Apache HBase 2.x versions (2.0.0-2.0.4
 CVE-2019-0211 [Apache HTTP Server privilege escalation from modules' scripts]
 	RESERVED
 	- apache2 <unfixed>
+	[jessie] - apache2 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0211
 CVE-2019-0210
 	RESERVED



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/520452b2fafc03398b38da432a2224035238a766

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/520452b2fafc03398b38da432a2224035238a766
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190402/443aac85/attachment.html>

More information about the debian-security-tracker-commits mailing list