[Git][security-tracker-team/security-tracker][master] dnstdist/HTTP2

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Nov 13 17:30:26 GMT 2023 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cd48e2fb by Moritz Muehlenhoff at 2023-11-13T18:29:52+01:00
dnstdist/HTTP2

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5807,6 +5807,7 @@ CVE-2023-44487 (The HTTP/2 protocol allows a denial of service (server resource
 	- nghttp2 1.57.0-1 (bug #1053769)
 	- jetty9 9.4.53-1
 	- netty 1:4.1.48-8 (bug #1054234)
+	- dnsdist 1.8.2-2
 	NOTE: Tomcat: https://github.com/apache/tomcat/commit/76bb4bfbfeae827dce896f650655bbf6e251ed49 (10.1.14)
 	NOTE: Tomcat: https://github.com/apache/tomcat/commit/6d1a9fd6642387969e4410b9989c85856b74917a (9.0.81)
 	NOTE: Starting with 9.0.70-2 Tomcat9 no longer ships the server stack, using that as the fixed version
@@ -5814,6 +5815,7 @@ CVE-2023-44487 (The HTTP/2 protocol allows a denial of service (server resource
 	NOTE: ATS: https://github.com/apache/trafficserver/commit/b28ad74f117307e8de206f1de70c3fa716f90682 (9.2.3-rc0)
 	NOTE: ATS: https://github.com/apache/trafficserver/commit/d742d74039aaa548dda0148ab4ba207906abc620 (8.1.9)
 	NOTE: h2o: https://github.com/h2o/h2o/commit/28fe15117b909588bf14269a0e1c6ec4548579fe
+	NOTE: dnsdist: h2o change breaks the ABI, hence dnsdist switched to a vendored fix in 1.8.2-2
 	NOTE: haproxy: http://git.haproxy.org/?p=haproxy.git;a=commit;h=f210191dcdf32a2cb263c5bd22b7fc98698ce59a (v1.9-dev1)
 	NOTE: haproxy: https://www.mail-archive.com/haproxy@formilux.org/msg44134.html
 	NOTE: haproxy: https://www.mail-archive.com/haproxy@formilux.org/msg44136.html



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd48e2fb6a1519b1788df18c2743550853a797e0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd48e2fb6a1519b1788df18c2743550853a797e0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231113/1f0a4005/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list