[Git][security-tracker-team/security-tracker][master] log4net, http-parser bugs

Moritz Muehlenhoff jmm at debian.org
Tue Dec 15 12:54:11 GMT 2020 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7477a163 by Moritz Mühlenhoff at 2020-12-15T13:53:54+01:00
log4net, http-parser bugs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -88509,7 +88509,7 @@ CVE-2019-15605 (HTTP request smuggling in Node.js 10, 12, and 13 causes maliciou
 	[stretch] - nodejs <ignored> (Nodejs in stretch not covered by security support)
 	[jessie] - nodejs <end-of-life> (Nodejs in jessie not covered by security support)
 	[experimental] - http-parser 2.9.3-1
-	- http-parser <unfixed>
+	- http-parser <unfixed> (bug #977467)
 	[buster] - http-parser <no-dsa> (Minor issue)
 	[stretch] - http-parser <ignored> (Invasive patch, requires prior content-length support and public struct changes that break ABI)
 	[jessie] - http-parser <ignored> (Invasive patch, requires prior content-length support and public struct changes that break ABI)
@@ -185606,7 +185606,7 @@ CVE-2018-1286 (In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileg
 	NOT-FOR-US: Apache OpenMeetings
 CVE-2018-1285 (Apache log4net versions before 2.0.10 do not disable XML external enti ...)
 	{DLA-2211-1}
-	- log4net <unfixed> (low)
+	- log4net <unfixed> (low; bug #977468)
 	[buster] - log4net <no-dsa> (Minor issue)
 	[stretch] - log4net <no-dsa> (Minor issue; requires application to accept arbitrary configuration files)
 	NOTE: https://issues.apache.org/jira/browse/LOG4NET-575



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7477a1633f31ff66f78be346a992cdd7e6fa7d86

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7477a1633f31ff66f78be346a992cdd7e6fa7d86
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201215/ddf2bda5/attachment.html>

More information about the debian-security-tracker-commits mailing list