[Git][security-tracker-team/security-tracker][master] Reserve DLA-3996-1 for gunicorn
Adrian Bunk (@bunk)
bunk at debian.org
Fri Dec 20 04:21:34 GMT 2024
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker
Commits:
97658a9e by Adrian Bunk at 2024-12-20T06:21:21+02:00
Reserve DLA-3996-1 for gunicorn
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -70470,7 +70470,6 @@ CVE-2024-1135 (Gunicorn fails to properly validate Transfer-Encoding headers, le
{DLA-3851-1}
- gunicorn 22.0.0-1 (bug #1069126)
[bookworm] - gunicorn <no-dsa> (Minor issue)
- [bullseye] - gunicorn <no-dsa> (Minor issue)
[buster] - gunicorn <postponed> (Minor issue)
NOTE: https://huntr.com/bounties/22158e34-cfd5-41ad-97e0-a780773d96c1
NOTE: https://github.com/benoitc/gunicorn/commit/ac29c9b0a758d21f1e0fb3b3457239e523fa9f1d
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[20 Dec 2024] DLA-3996-1 gunicorn - security update
+ {CVE-2024-1135}
+ [bullseye] - gunicorn 20.1.0-1+deb11u1
[16 Dec 2024] DLA-3995-1 libpgjava - security update
{CVE-2022-31197 CVE-2022-41946 CVE-2024-1597}
[bullseye] - libpgjava 42.2.15-1+deb11u2
=====================================
data/dla-needed.txt
=====================================
@@ -107,11 +107,6 @@ gst-plugins-good1.0 (Adrian Bunk)
NOTE: 20241213: Added by Front-Desk (lamby)
NOTE: 20241213: See also gst-plugins-base1.0 (lamby)
--
-gunicorn (Adrian Bunk)
- NOTE: 20241206: Added by coordinator (roberto)
- NOTE: 20241206: CVE-2024-1135 was fixed in buster, is still open (no-dsa) in bullseye and bookworm
- NOTE: 20241206: https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/173
---
haproxy (Thorsten Alteholz)
NOTE: 20241201: Added by Front-Desk (ta)
NOTE: 20241215: testing package
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/97658a9e2ebac1b80af7ffcdcb65e8468b664efe
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/97658a9e2ebac1b80af7ffcdcb65e8468b664efe
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241220/47c3fcd1/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list