[Git][security-tracker-team/security-tracker][master] new ATS issue, might be dupe of existing ATS/HTTP2 issues

Fri Oct 25 18:16:53 BST 2019


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
425c7d5a by Moritz Muehlenhoff at 2019-10-25T17:16:21Z
new ATS issue, might be dupe of existing ATS/HTTP2 issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -25029,7 +25029,9 @@ CVE-2019-10081 (HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example co
 CVE-2019-10080
 	RESERVED
 CVE-2019-10079 (Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. E ...)
-	TODO: check
+	- trafficserver 8.0.5+ds-1
+	NOTE: The reference listed is for Tomcat, hard to tell what this is about
+	NOTE: Pinged MITRE for fixing the reference
 CVE-2019-10078 (A carefully crafted plugin link invocation could trigger an XSS vulner ...)
 	- jspwiki <removed>
 CVE-2019-10077 (A carefully crafted InterWiki link could trigger an XSS vulnerability  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/425c7d5ad22b9c28c705c5d072b4b3ef4e415742

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/425c7d5ad22b9c28c705c5d072b4b3ef4e415742
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191025/33c3b933/attachment.html>
