[Git][security-tracker-team/security-tracker][master] Triage CVE-2019-20372 in nginx for jessie LTS.
Chris Lamb
lamby at debian.org
Fri Jan 10 18:11:58 GMT 2020
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
391438c0 by Chris Lamb at 2020-01-10T18:11:02+00:00
Triage CVE-2019-20372 in nginx for jessie LTS.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -40,6 +40,7 @@ CVE-2019-20372 (NGINX before 1.17.7, with certain error_page configurations, all
- nginx <unfixed> (low; bug #948579)
[buster] - nginx <no-dsa> (Minor issue)
[stretch] - nginx <no-dsa> (Minor issue)
+ [jessie] - nginx <no-dsa> (Minor issue)
NOTE: https://bertjwregeer.keybase.pub/2019-12-10%20-%20error_page%20request%20smuggling.pdf
NOTE: https://github.com/nginx/nginx/commit/c1be55f97211d38b69ac0c2027e6812ab8b1b94e
CVE-2019-20373 (LTSP LDM through 2.18.06 allows fat-client root access because the LDM ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/391438c0e4d4bd79e290eac658521a3f8447a8db
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/391438c0e4d4bd79e290eac658521a3f8447a8db
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200110/f22838ad/attachment.html>
More information about the debian-security-tracker-commits
mailing list