[Git][security-tracker-team/security-tracker][master] CVE-2019-15605/http-parser: jessie ignored
Sylvain Beucler
beuc at debian.org
Sat Feb 22 17:00:45 GMT 2020
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
daa8512a by Sylvain Beucler at 2020-02-22T17:59:39+01:00
CVE-2019-15605/http-parser: jessie ignored
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -32443,6 +32443,7 @@ CVE-2019-15605 (HTTP request smuggling in Node.js 10, 12, and 13 causes maliciou
- nodejs <unfixed>
[jessie] - nodejs <end-of-life> (Nodejs in jessie not covered by security support)
- http-parser <unfixed>
+ [jessie] - http-parser <ignored> (Invasive patch, requires prior content-length support and public struct changes that break ABI)
NOTE: https://hackerone.com/reports/735748
NOTE: https://github.com/nodejs/http-parser/commit/7d5c99d09f6743b055d53fc3f642746d9801479b (http-parser)
CVE-2019-15604 (Improper Certificate Validation in Node.js 10, 12, and 13 causes the p ...)
=====================================
data/dla-needed.txt
=====================================
@@ -15,8 +15,6 @@ ansible
--
collabtive (Thorsten Alteholz)
--
-http-parser (Sylvain Beucler)
---
libapache2-mod-auth-openidc (Thorsten Alteholz)
--
libarchive (Thorsten Alteholz)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/daa8512a6be2ff2339e3d66c5d90ed1278802bd3
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/daa8512a6be2ff2339e3d66c5d90ed1278802bd3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200222/2ad5b212/attachment.html>
More information about the debian-security-tracker-commits
mailing list