[Git][security-tracker-team/security-tracker][master] 2 commits: Add commit references for CVE-2019-11236/python-urllib3

Sat May 4 22:29:46 BST 2019


Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b2dcc606 by Roberto C. Sánchez at 2019-05-04T21:28:40Z
Add commit references for CVE-2019-11236/python-urllib3

- - - - -
8c443eae by Roberto C. Sánchez at 2019-05-04T21:29:26Z
LTS, python-urllib3 status update

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1267,6 +1267,8 @@ CVE-2019-11237
 CVE-2019-11236 (In the urllib3 library through 1.24.1 for Python, CRLF injection is po ...)
 	- python-urllib3 <unfixed> (bug #927172)
 	NOTE: https://github.com/urllib3/urllib3/issues/1553
+	NOTE: https://github.com/urllib3/urllib3/commit/9b76785331243689a9d52cef3db05ef7462cb02d
+	NOTE: https://github.com/urllib3/urllib3/commit/efddd7e7bad26188c3b692d1090cba768afa9162
 CVE-2019-11235 (FreeRADIUS before 3.0.19 mishandles the "each participant verifies tha ...)
 	- freeradius 3.0.17+dfsg-1.1 (bug #926958)
 	[stretch] - freeradius <no-dsa> (Minor issue; plugin not enabled by default)


=====================================
data/dla-needed.txt
=====================================
@@ -101,7 +101,8 @@ poppler
   NOTE: 20190408: No known upstream patches available for remaining open CVEs (sunweaver)
 --
 python-urllib3 (Roberto C. Sánchez)
-  NOTE: 20190429: Waiting on upstream action for CVE-2019-9740 (roberto)
+  NOTE: 20190504: Upstream has committed fix for CVE-2019-11236; though, their commits, 9b76785 and efddd7e, reference CVE-2019-9740 (roberto)
+  NOTE: 20190504: Working now on backporting the fixes (roberto)
 --
 python2.7 (Roberto C. Sánchez)
   NOTE: 20190321: Patches integrated for CVE-2018-14647, CVE-2019-5010, and CVE-2019-9636



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/b92017b2fe50b94722fa0d184a85678f55f180ba...8c443eaecd2d581a4562232312472bdc001ea1ff

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/b92017b2fe50b94722fa0d184a85678f55f180ba...8c443eaecd2d581a4562232312472bdc001ea1ff
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190504/1112cdd8/attachment-0001.html>
