[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2019-20372/nginx
Salvatore Bonaccorso
carnil at debian.org
Fri Jan 10 13:27:03 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0c329cbc by Salvatore Bonaccorso at 2020-01-10T14:26:12+01:00
Add Debian bug reference for CVE-2019-20372/nginx
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -37,7 +37,7 @@ CVE-2019-20375 (A cross-site scripting (XSS) vulnerability in Electronic Logbook
CVE-2019-20374 (A mutation cross-site scripting (XSS) issue in Typora through 0.9.9.31 ...)
NOT-FOR-US: Typora
CVE-2019-20372 (NGINX before 1.17.7, with certain error_page configurations, allows HT ...)
- - nginx <unfixed> (low)
+ - nginx <unfixed> (low; bug #948579)
[buster] - nginx <no-dsa> (Minor issue)
[stretch] - nginx <no-dsa> (Minor issue)
NOTE: https://bertjwregeer.keybase.pub/2019-12-10%20-%20error_page%20request%20smuggling.pdf
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0c329cbcfa7e3a5251d03a6f9c069f313bd5c1f1
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0c329cbcfa7e3a5251d03a6f9c069f313bd5c1f1
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200110/b0fe0e36/attachment.html>
More information about the debian-security-tracker-commits
mailing list