[Git][security-tracker-team/security-tracker][master] Add references for CVE-2020-11080/nghttp2

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Sep 13 20:46:19 BST 2021 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9e4b71c5 by Salvatore Bonaccorso at 2021-09-13T21:45:51+02:00
Add references for CVE-2020-11080/nghttp2

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -102991,9 +102991,13 @@ CVE-2020-11081 (osquery before version 4.4.0 enables a privilege escalation vuln
 	- osquery <itp> (bug #803502)
 CVE-2020-11080 (In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS fra ...)
 	{DSA-4696-1}
+	- nghttp2 1.41.0-1
 	- nodejs 10.21.0~dfsg-1 (bug #962145)
 	[stretch] - nodejs <ignored> (Nodejs in stretch not covered by security support)
 	[jessie] - nodejs <end-of-life> (Nodejs in jessie not covered by security support)
+	NOTE: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-q5wr-xfw9-q7xr
+	NOTE: https://github.com/nghttp2/nghttp2/commit/336a98feb0d56b9ac54e12736b18785c27f75090 (v1.41.0)
+	NOTE: https://github.com/nghttp2/nghttp2/commit/f8da73bd042f810f34d19f9eae02b46d870af394 (v1.41.0)
 	NOTE: https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/#http-2-large-settings-frame-dos-low-cve-2020-11080
 CVE-2020-11079 (node-dns-sync (npm module dns-sync) through 0.2.0 allows execution of  ...)
 	NOT-FOR-US: dns-sync nodejs module



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e4b71c544ff10d00abd2a8937d6355134f27a29

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e4b71c544ff10d00abd2a8937d6355134f27a29
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210913/2e5c7c34/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list