[Git][security-tracker-team/security-tracker][master] Update information on CVE-2019-14888/undertow
Salvatore Bonaccorso
carnil at debian.org
Mon Oct 12 09:42:01 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4485d8c8 by Salvatore Bonaccorso at 2020-10-12T10:41:16+02:00
Update information on CVE-2019-14888/undertow
Upstream is not very transparent here, but the fixed version is noted in
the CVE description as 2.0.28.SP1 (which is possibly after
2.0.28.Final). Checking through the commits of 2.0.28.Final and
2.0.29.Final reveals one commit matching a denial of service due to a
deadlock in the http2 code.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -78201,8 +78201,12 @@ CVE-2019-14889 (A flaw was found with the libssh API function ssh_scp_new() in v
NOTE: https://bugs.debian.org/947129
NOTE: https://code.x2go.org/gitweb?p=x2goclient.git;a=commitdiff;h=ce559d163a943737fe4160f7233925df2eee1f9a
CVE-2019-14888 (A vulnerability was found in the Undertow HTTP server in versions befo ...)
- - undertow 2.0.28-1
+ - undertow 2.0.30-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1772464
+ NOTE: https://issues.redhat.com/browse/UNDERTOW-1623
+ NOTE: https://github.com/undertow-io/undertow/commit/846c50ead09f7d0b38965b4726ba0b6c5582bf7f (and followups)
+ NOTE: https://github.com/undertow-io/undertow/pull/828
+ NOTE: https://github.com/undertow-io/undertow/pull/852
CVE-2019-14887 (A flaw was found when an OpenSSL security provider is used with Wildfl ...)
- wildfly <itp> (bug #752018)
CVE-2019-14886 (A vulnerability was found in business-central, as shipped in rhdm-7.5. ...)
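Review bot: The new fixed version on the "- undertow 2.0.30-1" line is not justified by any of the added NOTE lines. The commit message says upstream names 2.0.28.SP1 in the CVE description and that the matching commit was found between 2.0.28.Final and 2.0.29.Final, so a reader of data/CVE/list alone cannot tell why 2.0.30-1 is the first fixed upload. Consider adding a NOTE that records the upstream fixed version and states that the commit was identified by matching the deadlock description rather than confirmed by upstream. The "(and followups)" remark is also vague: either list the follow-up commits or say explicitly that pull requests 828 and 852 are those followups, so the entry can be checked against a backport later.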
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4485d8c84632762fc13960bfe6573a2af83e5900