[Git][security-tracker-team/security-tracker][master] netty: reference duplicate package netty-3.9 (stretch,jessie)

Sylvain Beucler beuc at debian.org
Thu Feb 6 15:21:06 GMT 2020



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
638a2324 by Sylvain Beucler at 2020-02-06T16:18:33+01:00
netty: reference duplicate package netty-3.9 (stretch,jessie)

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -509,9 +509,11 @@ CVE-2020-8433
 	RESERVED
 CVE-2019-20445 (HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length  ...)
 	- netty <unfixed>
+	- netty-3.9 <unfixed>
 	NOTE: https://github.com/netty/netty/issues/9861
 CVE-2019-20444 (HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header th ...)
 	- netty <unfixed>
+	- netty-3.9 <unfixed>
 	NOTE: https://github.com/netty/netty/issues/9866
 CVE-2020-8432 (In Das U-Boot through 2020.01, a double free has been found in the cmd ...)
 	- u-boot <unfixed> (low)
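Review bot: The two added `- netty-3.9 <unfixed>` lines under CVE-2019-20445 and CVE-2019-20444 carry no NOTE saying whether the 3.9 code was checked, while both descriptions are scoped to "Netty before 4.1.44". If these entries are a conservative placeholder pending triage, say so with a NOTE under each CVE (for example that HttpObjectDecoder in the 3.9 branch still has to be checked), so a later reader does not take <unfixed> as a confirmed finding.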
@@ -3142,6 +3144,7 @@ CVE-2019-20382
 	RESERVED
 CVE-2020-7238 (Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles ...)
 	- netty <unfixed>
+	- netty-3.9 <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1796225
 	NOTE: https://github.com/jdordonezn/CVE-2020-72381/issues/1
 	NOTE: Issue exists because of incomplete fix for CVE-2019-16869.
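Review bot: For CVE-2020-7238 the existing NOTE says the issue exists because of an incomplete fix for CVE-2019-16869, and this same commit marks CVE-2019-16869 as <unfixed> for netty-3.9, so on that package there is no earlier fix to be incomplete. Consider a NOTE under the new `- netty-3.9 <unfixed>` line stating that the two CVEs should be handled together for netty-3.9, so the package does not end up with only the partial CVE-2019-16869 change.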
@@ -26973,6 +26976,7 @@ CVE-2019-16870
 CVE-2019-16869 (Netty before 4.1.42.Final mishandles whitespace before the colon in HT ...)
 	{DSA-4597-1 DLA-1941-1}
 	- netty 1:4.1.33-2 (bug #941266)
+	- netty-3.9 <unfixed>
 	NOTE: https://github.com/netty/netty/issues/9571
 	NOTE: https://github.com/netty/netty/commit/39cafcb05c99f2aa9fce7e6597664c9ed6a63a95
 CVE-2019-16868 (emlog through 6.0.0beta has an arbitrary file deletion vulnerability v ...)
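Review bot: Under CVE-2019-16869 the netty line records a fixed version and a bug number (`- netty 1:4.1.33-2 (bug #941266)`), but the added `- netty-3.9 <unfixed>` line has no bug reference. File a bug against netty-3.9 and add its number here, and add a NOTE on whether the linked upstream commit applies to the 3.9 branch, since the existing NOTE lines point only at the upstream issue and commit.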
@@ -254143,6 +254147,8 @@ CVE-2014-3489 (lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Eng
 	NOT-FOR-US: Red Hat CloudForms Management Engine
 CVE-2014-3488 (The SslHandler in Netty before 3.9.2 allows remote attackers to cause  ...)
 	- netty <not-affected> (Introduced in 3.9.0)
+	- netty-3.9 <unfixed>
+	[stretch] - netty-3.9 <not-affected>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1107983 says only affects 3.9.0 and 3.9.1
 CVE-2014-3487 (The cdf_read_property_info function in file before 5.19, as used in th ...)
 	{DSA-3021-1 DSA-2974-1 DLA-27-1}
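Review bot: The added `[stretch] - netty-3.9 <not-affected>` line under CVE-2014-3488 gives no reason, unlike the netty line above it, which has "(Introduced in 3.9.0)". Add the reason in parentheses; it matters here because the description says "before 3.9.2" and the Red Hat NOTE limits the issue to 3.9.0 and 3.9.1. The commit subject names stretch and jessie, but only stretch gets an override; if the general `<unfixed>` line is meant to cover jessie, a NOTE with the version found there would make that checkable.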
@@ -263759,6 +263765,7 @@ CVE-2014-0194
 	REJECTED
 CVE-2014-0193 (WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7. ...)
 	- netty <not-affected> (WebSocket08FrameDecoder function not present; bug #746639)
+	- netty-3.9 <unfixed>
 CVE-2014-0192 (Foreman 1.4.0 before 1.5.0 does not properly restrict access to provis ...)
 	- foreman <itp> (bug #663101)
 CVE-2014-0191 (The xmlParserHandlePEReference function in parser.c in libxml2 before  ...)
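Review bot: The added `- netty-3.9 <unfixed>` line under CVE-2014-0193 sits in an entry with no NOTE at all to support it, and the description lists per-branch fixed versions (3.6.x before 3.6.9, 3.7.x before ...) that are truncated here. Check the packaged 3.9 versions against the fixed version for that branch and record a fixed version, or a release-specific <not-affected> with a reason, where it applies, as was done for stretch under CVE-2014-3488.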


=====================================
data/dla-needed.txt
=====================================
@@ -57,6 +57,8 @@ netty (Sylvain Beucler)
   NOTE: 20200131: Have not checked if the jessie code is vulnerable since the explicit patches could not
   NOTE: 20200131: be found. So that remains. The issues however looks important enough to fix. (ola)
 --
+netty-3.9 (Sylvain Beucler)
+--
 nss (Markus Koschany)
   NOTE: 20200127: Fix for CVE-2019-17023 requires more work and testing but
   NOTE: release is planned for this week.
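Review bot: The new `netty-3.9 (Sylvain Beucler)` entry in data/dla-needed.txt has no NOTE lines, whereas the neighbouring netty and nss entries carry dated NOTEs describing their status. Add a dated NOTE saying which of the CVEs marked in data/CVE/list are in scope and how the work relates to the netty entry above, so the claim can be understood by someone reading this file alone.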



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/638a2324f26adfa8754313b471af9315216b724f
