[Git][security-tracker-team/security-tracker][master] Update commits for CVE-2020-1927/apache2

Salvatore Bonaccorso carnil at debian.org
Thu Apr 30 10:45:13 BST 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c1463242 by Salvatore Bonaccorso at 2020-04-30T11:43:13+02:00
Update commits for CVE-2020-1927/apache2

The actual commits to CVE-2020-1927 seem to be adressed only with
r1873905 and r1874191 from upstream. The previous r1864213 would relate
to the older CVE-2019-10098 (which as well matches according to release
dates of the versions from apache where fixing those issues).

Other arguments for it would be in SuSEs triage at
<https://bugzilla.suse.com/show_bug.cgi?id=1168407> but please do double
check.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -27449,7 +27449,8 @@ CVE-2020-1927 (In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with
 	[stretch] - apache2 <no-dsa> (Minor issue)
 	[jessie] - apache2 <ignored> (Minor issue)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-1927
-	NOTE: Upstream patch: https://svn.apache.org/viewvc?view=revision&revision=1864213
+	NOTE: https://svn.apache.org/viewvc?view=revision&revision=1873905
+	NOTE: https://svn.apache.org/viewvc?view=revision&revision=1874191
 CVE-2020-1926
 	RESERVED
 CVE-2020-1925 (Apache Olingo versions 4.0.0 to 4.7.0 provide the AsyncRequestWrapperI ...)
@@ -59588,6 +59589,7 @@ CVE-2019-10098 (In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with
 	- apache2 2.4.41-1
 	NOTE: Affects upstream versions 2.4.0 to 2.4.39
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-10098
+	NOTE: https://svn.apache.org/r1864213
 	NOTE: https://svn.apache.org/r1864192
 CVE-2019-10097 (In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured  ...)
 	- apache2 2.4.41-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c146324230b1ba82734501d90d45ad9c302fec8e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c146324230b1ba82734501d90d45ad9c302fec8e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200430/5b603da7/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list