[Git][security-tracker-team/security-tracker][master] 2 commits: add another commit to really fix CVE-2016-10711

Thorsten Alteholz alteholz at debian.org
Sun May 3 18:54:33 BST 2020



Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dbc64cf1 by Thorsten Alteholz at 2020-05-03T19:51:53+02:00
add another commit to really fix CVE-2016-10711

- - - - -
7ca56dc6 by Thorsten Alteholz at 2020-05-03T19:54:21+02:00
Reserve DLA-2196-2 for pound

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -124484,6 +124484,8 @@ CVE-2016-10711 (Apsis Pound before 2.8a allows request smuggling via crafted hea
 	NOTE: Fixed by https://build.opensuse.org/request/show/571084
 	NOTE: Confirmed that the SUSE patch is the security relevant diff between
 	NOTE: version 2.7 and 2.8a
+	NOTE: an additional fix of the fix is needed to avoid that pound uses 100% CPU
+	NOTE: https://github.com/graygnuorg/pound/commit/c5a95780e2233a05ab3fb8b4eb8a9550f0c3b53c
 CVE-2018-6375
 	RESERVED
 CVE-2018-6374 (The GUI component (aka PulseUI) in Pulse Secure Desktop Linux clients  ...)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,5 @@
+[03 May 2020] DLA-2196-2 pound - regression update
+	[jessie] - pound 2.6-6+deb8u3
 [03 May 2020] DLA-2200-1 mailman - security update
 	{CVE-2020-12137}
 	[jessie] - mailman 1:2.1.18-2+deb8u5



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/972b0df5cc9f3302a51421ed2c29d7c09d6d5d5a...7ca56dc6b8546c3029be670ff0be210beff975c4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/972b0df5cc9f3302a51421ed2c29d7c09d6d5d5a...7ca56dc6b8546c3029be670ff0be210beff975c4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200503/dd9875b5/attachment.html>


More information about the debian-security-tracker-commits mailing list