[Git][security-tracker-team/security-tracker][master] CVE-2019-20445,CVE-2019-20444,CVE-2020-7238/netty: reference patches
Sylvain Beucler
beuc at debian.org
Thu Feb 6 16:01:29 GMT 2020
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d0927eab by Sylvain Beucler at 2020-02-06T17:01:07+01:00
CVE-2019-20445,CVE-2019-20444,CVE-2020-7238/netty: reference patches
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -511,10 +511,13 @@ CVE-2019-20445 (HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-L
- netty <unfixed>
- netty-3.9 <removed>
NOTE: https://github.com/netty/netty/issues/9861
+ NOTE: https://github.com/netty/netty/commit/8494b046ec7e4f28dbd44bc699cc4c4c92251729 (4.1)
+ NOTE: https://github.com/netty/netty/commit/5f68897880467c00f29495b0aa46ed19bf7a873c (tests)
CVE-2019-20444 (HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header th ...)
- netty <unfixed>
- netty-3.9 <removed>
NOTE: https://github.com/netty/netty/issues/9866
+ NOTE: https://github.com/netty/netty/commit/a7c18d44b46e02dadfe3da225a06e5091f5f328e (4.1)
CVE-2020-8432 (In Das U-Boot through 2020.01, a double free has been found in the cmd ...)
- u-boot <unfixed> (low)
[buster] - u-boot <no-dsa> (Minor issue)
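Review bot: On the CVE-2019-20445 entry, the second added NOTE is tagged only "(tests)", which does not say which branch the commit belongs to or whether it needs to be picked together with 8494b046 when backporting. Consider tagging it the same way as the line above it, for example "(4.1, tests)", so that whoever prepares the fix for the still-<unfixed> netty package can tell at a glance whether 5f688978 is required or only adds test coverage.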
@@ -3148,6 +3151,7 @@ CVE-2020-7238 (Netty 4.1.43.Final allows HTTP Request Smuggling because it misha
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1796225
NOTE: https://github.com/jdordonezn/CVE-2020-72381/issues/1
NOTE: Issue exists because of incomplete fix for CVE-2019-16869.
+ NOTE: https://github.com/netty/netty/issues/9861#issuecomment-582307539 (same fix as CVE-2019-20445)
CVE-2020-7237 (Cacti 1.2.8 allows Remote Code Execution (by privileged users) via she ...)
- cacti <unfixed> (bug #949997)
[jessie] - cacti <not-affected> (Vulnerable code introduced later)
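Review bot: The NOTE added under CVE-2020-7238 links an issue comment and says "same fix as CVE-2019-20445" but does not name the fixing commit itself. Entries are usually read on their own, so consider also adding the commit URL already listed under CVE-2019-20445 (8494b046ec7e4f28dbd44bc699cc4c4c92251729, 4.1) to this entry, so the fix can be located without following the cross-reference.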
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d0927eabec76dcdf9ff846c238ee10dde13cdb62