[Git][security-tracker-team/security-tracker][master] new rust-h2 issue

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Jan 22 12:03:55 GMT 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c3088018 by Moritz Muehlenhoff at 2024-01-22T13:03:31+01:00
new rust-h2 issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -333851,6 +333851,7 @@ CVE-2019-9514 (Some HTTP/2 implementations are vulnerable to a reset flood, pote
 	[jessie] - nodejs <not-affected> (No HTTP2 support yet)
 	- trafficserver 8.0.5+ds-1 (bug #934887)
 	- h2o 2.2.5+dfsg2-3 (bug #934886)
+	- rust-h2 <unfixed>
 	NOTE: Issue: https://github.com/golang/go/issues/33606
 	NOTE: https://github.com/golang/go/commit/e152b01a468a1c18a290bf9aec52ccea7693c7f2 (golang-1.11)
 	NOTE: https://github.com/golang/go/commit/7139b45d1410ded14e1e131151fd8dfc435ede6c (golang-1.12)
@@ -333859,6 +333860,8 @@ CVE-2019-9514 (Some HTTP/2 implementations are vulnerable to a reset flood, pote
 	NOTE: https://raw.githubusercontent.com/apache/trafficserver/8.0.x/CHANGELOG-8.0.4
 	NOTE: https://github.com/h2o/h2o/issues/2090
 	NOTE: https://github.com/h2o/h2o/commit/743d6b6118c29b75d0b84ef7950a2721c32dfe3f
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0003.html
+	NOTE: https://github.com/hyperium/h2/pull/737
 CVE-2019-9513 (Some HTTP/2 implementations are vulnerable to resource loops, potentia ...)
 	{DSA-4669-1 DSA-4511-1 DSA-4505-1}
 	- nginx 1.14.2-3 (bug #935037)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c308801813214906a4066d5225c029a7ad300505

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c308801813214906a4066d5225c029a7ad300505
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240122/da4e9679/attachment.htm>

More information about the debian-security-tracker-commits mailing list