[Git][security-tracker-team/security-tracker][master] Reserve DLA-3000-1 for waitress
Stefano Rivera (@stefanor)
stefanor at debian.org
Thu May 12 22:07:22 BST 2022
Stefano Rivera pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ba11c104 by Stefano Rivera at 2022-05-12T17:07:04-04:00
Reserve DLA-3000-1 for waitress
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -186070,7 +186070,6 @@ CVE-2019-16793
CVE-2019-16792 (Waitress through version 1.3.1 allows request smuggling by sending the ...)
- waitress 1.4.1-1
[buster] - waitress <no-dsa> (Minor issue)
- [stretch] - waitress <no-dsa> (Minor issue)
[jessie] - waitress <no-dsa> (Minor issue)
NOTE: https://github.com/Pylons/waitress/security/advisories/GHSA-4ppp-gpcr-7qf6
NOTE: https://github.com/Pylons/waitress/commit/575994cd42e83fd772a5f7ec98b2c56751bd3f65
@@ -186083,7 +186082,6 @@ CVE-2019-16789 (In Waitress through version 1.4.0, if a proxy server is used in
{DLA-2056-1}
- waitress 1.4.1-1 (bug #947433)
[buster] - waitress <no-dsa> (Minor issue)
- [stretch] - waitress <no-dsa> (Minor issue)
NOTE: https://github.com/Pylons/waitress/security/advisories/GHSA-m5ff-3wj3-8ph4
NOTE: https://github.com/Pylons/waitress/commit/11d9e138125ad46e951027184b13242a3c1de017
CVE-2019-16788
@@ -186091,14 +186089,12 @@ CVE-2019-16788
CVE-2019-16786 (Waitress through version 1.3.1 would parse the Transfer-Encoding heade ...)
- waitress 1.4.1-1 (bug #947306)
[buster] - waitress <no-dsa> (Minor issue)
- [stretch] - waitress <no-dsa> (Minor issue)
[jessie] - waitress <no-dsa> (Minor issue)
NOTE: https://github.com/Pylons/waitress/security/advisories/GHSA-g2xc-35jw-c63p
NOTE: https://github.com/Pylons/waitress/commit/f11093a6b3240fc26830b6111e826128af7771c3
CVE-2019-16785 (Waitress through version 1.3.1 implemented a "MAY" part of the RFC7230 ...)
- waitress 1.4.1-1 (bug #947306)
[buster] - waitress <no-dsa> (Minor issue)
- [stretch] - waitress <no-dsa> (Minor issue)
[jessie] - waitress <no-dsa> (Minor issue)
NOTE: https://github.com/Pylons/waitress/security/advisories/GHSA-pg36-wpm5-g57p
NOTE: https://github.com/Pylons/waitress/commit/8eba394ad75deaf9e5cd15b78a3d16b12e6b0eba
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[12 May 2022] DLA-3000-1 waitress - security update
+ {CVE-2019-16785 CVE-2019-16786 CVE-2019-16789 CVE-2019-16792 CVE-2022-24761}
+ [stretch] - waitress 1.0.1-1+deb9u1
[11 May 2022] DLA-2999-1 mutt - security update
{CVE-2022-1328}
[stretch] - mutt 1.7.2-1+deb9u6
=====================================
data/dla-needed.txt
=====================================
@@ -214,10 +214,3 @@ unzip (Dominik George)
--
vim (Markus Koschany)
--
-waitress (Stefano Rivera)
- NOTE: 20220320: I am not sure if we should ignore CVE-2022-24761 as it is
- NOTE: 20220320: basically another HTTP parsing error and a workaround exists
- NOTE: 20220320: or if we should overhaul the package and fix everything
- NOTE: 20220320: instead. Someone with more Python knowledge should take another look
- NOTE: 20220320: at it. (apo)
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba11c104257d6909e608dee9382228ec1e5a1d36
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba11c104257d6909e608dee9382228ec1e5a1d36
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220512/35d80b80/attachment.htm>
More information about the debian-security-tracker-commits
mailing list