[Git][security-tracker-team/security-tracker][master] Track fixed version for older nghttp2 issue

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6e87b367 by Salvatore Bonaccorso at 2023-05-23T08:09:20+02:00
Track fixed version for older nghttp2 issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -469259,9 +469259,9 @@ CVE-2015-4335 (Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers
 	NOTE: Patch: https://github.com/antirez/redis/commit/fdf9d455098f54f7666c702ae464e6ea21e25411
 	NOTE: https://www.openwall.com/lists/oss-security/2015/06/05/3
 CVE-2015-XXXX [Null pointer access in inflatehd tool]
-	- nghttp2 <unfixed> (unimportant)
+	- nghttp2 1.3.0-0.2 (unimportant)
 	NOTE: Upstream report: https://github.com/tatsuhiro-t/nghttp2/issues/235
-	NOTE: Git commit: https://github.com/tatsuhiro-t/nghttp2/commit/3572e7c6343cb85fc21f5667a7ed0902cf5305cf
+	NOTE: Git commit: https://github.com/tatsuhiro-t/nghttp2/commit/3572e7c6343cb85fc21f5667a7ed0902cf5305cf (v0.7.15)
 	NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2015/06/03/20
 	NOTE: inflatehd not installed into the Debian binary packages
 CVE-2015-5523 (The ParseValue function in lexer.c in tidy before 4.9.31 allows remote ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6e87b36752f1e2e33a14108e58d86579c2205de6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6e87b36752f1e2e33a14108e58d86579c2205de6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230523/b6e816aa/attachment.htm>