[Git][security-tracker-team/security-tracker][master] Concluded that CVE-2018-21245 was already corrected in jessie.
Ola Lundqvist
opal at debian.org
Sat Jun 27 22:44:45 BST 2020
Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2ebee5f4 by Ola Lundqvist at 2020-06-27T23:44:25+02:00
Concluded that CVE-2018-21245 was already corrected in jessie.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -2999,10 +2999,12 @@ CVE-2018-21246 (Caddy before 0.10.13 mishandles TLS client authentication, as de
CVE-2018-21245 (Pound before 2.8 allows HTTP request smuggling, a related issue to CVE ...)
- pound 2.8-2
[stretch] - pound 2.7-1.3+deb9u1
+ [jessie] - pound 2.6-6+deb8u2
NOTE: https://admin.hostpoint.ch/pipermail/pound_apsis.ch/2018-May/000054.html
NOTE: The exact scope of CVE-2018-21245 (a related issue to CVE-2016-10711) was
NOTE: as well fixed with the same changes as done upstream for 2.8. The backport
NOTE: for 2.7 was a backport of all security relevant changes between 2.7 and 2.8.
+ NOTE: The same corrections were made in 2.6 version for jessie so fixed in that too.
CVE-2017-18869 (A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 co ...)
- node-chownr 1.1.1-1 (bug #909024)
NOTE: https://github.com/isaacs/chownr/issues/14
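Review bot: the added NOTE under CVE-2018-21245 ("The same corrections were made in 2.6 version for jessie so fixed in that too.") asserts the fix without pointing at evidence, unlike the NOTE lines above it, which cite the upstream mailing-list post and explain the 2.7 backport. Since `[jessie] - pound 2.6-6+deb8u2` now records that version as fixed, the note should name where the corrections can be checked (the changelog entry, patch file or advisory for that upload) so a later reader can confirm that 2.6-6+deb8u2 really carries the security-relevant changes made between 2.7 and 2.8. The wording could also be tightened, for example "The same corrections were backported to 2.6 for jessie, so it is fixed there as well."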
=====================================
data/dla-needed.txt
=====================================
@@ -105,9 +105,6 @@ perl (Abhijith PA)
php5 (Thorsten Alteholz)
NOTE: 20200621: testing package (thorsten)
--
-pound (Ola Lundqvist)
- NOTE: 20200619: No explicit patch mentioned. Needs deeper research.
---
python3.4 (Sylvain Beucler)
NOTE: 20200623: waiting for CVE-2020-14422's patch to be approved upstream
--
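Review bot: dropping `pound (Ola Lundqvist)` from dla-needed.txt removes the package-level entry, while the data/CVE/list change in this commit only settles CVE-2018-21245. The removed note ("No explicit patch mentioned. Needs deeper research.") does not say which CVE the entry was opened for, so it is worth confirming that no other pound issue is still open for jessie before the entry goes, and saying so in the commit message.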
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ebee5f4c4e2f2eccfd8b53040bab38a6ccf867e