[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2019-20445/netty: reference complementary patch

Sylvain Beucler beuc at debian.org
Fri Feb 14 18:26:47 GMT 2020 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
804e8584 by Sylvain Beucler at 2020-02-14T19:24:29+01:00
CVE-2019-20445/netty: reference complementary patch

- - - - -
d32b36d7 by Sylvain Beucler at 2020-02-14T19:26:32+01:00
dla: update netty status

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1233,6 +1233,7 @@ CVE-2019-20445 (HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-L
 	- netty-3.9 <removed>
 	NOTE: https://github.com/netty/netty/issues/9861
 	NOTE: https://github.com/netty/netty/commit/8494b046ec7e4f28dbd44bc699cc4c4c92251729 (4.1)
+	NOTE: https://github.com/netty/netty/commit/629034624626b722128e0fcc6b3ec9d406cb3706 (4.1)
 	NOTE: https://github.com/netty/netty/commit/5f68897880467c00f29495b0aa46ed19bf7a873c (tests)
 CVE-2019-20444 (HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header th ...)
 	- netty <unfixed> (bug #950966)


=====================================
data/dla-needed.txt
=====================================
@@ -44,10 +44,10 @@ linux (Ben Hutchings)
 linux-4.9 (Ben Hutchings)
 --
 netty (Sylvain Beucler)
-  NOTE: 20200131: Have not checked if the jessie code is vulnerable since the explicit patches could not
-  NOTE: 20200131: be found. So that remains. The issues however looks important enough to fix. (ola)
+  NOTE: 20200214: upstream's still refining the fix (beuc)
 --
 netty-3.9 (Sylvain Beucler)
+  NOTE: 20200214: upstream's still refining the fix (beuc)
 --
 nodejs
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/c9356c50a74e0e48c4a7a90bb40c057fe243f9fe...d32b36d7280109f7d6cb9eb24e1298eb4340de04

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/c9356c50a74e0e48c4a7a90bb40c057fe243f9fe...d32b36d7280109f7d6cb9eb24e1298eb4340de04
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200214/2893513f/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list