[Git][security-tracker-team/security-tracker][master] Add various CVE fixes for apache2 via 2.4.38-3 upload to unstable

Sun Apr 7 20:10:44 BST 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f334013c by Salvatore Bonaccorso at 2019-04-07T19:10:04Z
Add various CVE fixes for apache2 via 2.4.38-3 upload to unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -28933,7 +28933,7 @@ CVE-2019-0221
 CVE-2019-0220 [Apache httpd URL normalization inconsistincy]
 	RESERVED
 	{DSA-4422-1 DLA-1748-1}
-	- apache2 <unfixed>
+	- apache2 2.4.38-3
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0220
 	NOTE: https://svn.apache.org/r1855737
 	NOTE: https://svn.apache.org/r1855751
@@ -28944,14 +28944,14 @@ CVE-2019-0218
 CVE-2019-0217 [mod_auth_digest access control bypass]
 	RESERVED
 	{DSA-4422-1 DLA-1748-1}
-	- apache2 <unfixed>
+	- apache2 2.4.38-3
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0217
 	NOTE: https://svn.apache.org/r1855298
 CVE-2019-0216
 	RESERVED
 CVE-2019-0215 [mod_ssl access control bypass]
 	RESERVED
-	- apache2 <unfixed>
+	- apache2 2.4.38-3
 	[stretch] - apache2 <not-affected> (Vulnerable code introduced later)
 	[jessie] - apache2 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0215
@@ -28964,7 +28964,7 @@ CVE-2019-0212 (In all previously released Apache HBase 2.x versions (2.0.0-2.0.4
 CVE-2019-0211 [Apache HTTP Server privilege escalation from modules' scripts]
 	RESERVED
 	{DSA-4422-1}
-	- apache2 <unfixed>
+	- apache2 2.4.38-3
 	[jessie] - apache2 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0211
 	NOTE: https://svn.apache.org/r1855378
@@ -29001,14 +29001,14 @@ CVE-2019-0198
 	REJECTED
 CVE-2019-0197 [mod_http2, possible crash on late upgrade]
 	RESERVED
-	- apache2 <unfixed>
+	- apache2 2.4.38-3
 	[stretch] - apache2 <not-affected> (Vulnerable code introduced later)
 	[jessie] - apache2 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0197
 CVE-2019-0196 [mod_http2, read-after-free on a string compare]
 	RESERVED
 	{DSA-4422-1}
-	- apache2 <unfixed>
+	- apache2 2.4.38-3
 	[jessie] - apache2 <not-affected> (Vulnerable code introduced later)
 	NOTE: NOTE: HTTP/2 support introduced in 2.4.17
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0196



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f334013c2b80abe45e774e8724186451d3ad75c9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f334013c2b80abe45e774e8724186451d3ad75c9
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190407/417d1de5/attachment.html>
