[Git][security-tracker-team/security-tracker][master] additional ATS HTTP/2 issue has been clarified

Mon, 28 Oct 2019 09:36:34 -0700 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
70393f1f by Moritz Muehlenhoff at 2019-10-28T16:34:37Z
additional ATS HTTP/2 issue has been clarified

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -25158,8 +25158,7 @@ CVE-2019-10080
        RESERVED
 CVE-2019-10079 (Apache Traffic Server is vulnerable to HTTP/2 setting flood 
attacks. E ...)
        - trafficserver 8.0.5+ds-1
-       NOTE: The reference listed is for Tomcat, hard to tell what this is 
about
-       NOTE: Pinged MITRE for fixing the reference
+       NOTE: 
https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E
 CVE-2019-10078 (A carefully crafted plugin link invocation could trigger an 
XSS vulner ...)
        - jspwiki <removed>
 CVE-2019-10077 (A carefully crafted InterWiki link could trigger an XSS 
vulnerability  ...)


=====================================
data/DSA/list
=====================================
@@ -116,7 +116,7 @@
        {CVE-2019-13139 CVE-2019-13509 CVE-2019-14271}
        [buster] - docker.io 18.09.1+dfsg1-7.1+deb10u1
 [09 Sep 2019] DSA-4520-1 trafficserver - security update
-       {CVE-2019-9512 CVE-2019-9514 CVE-2019-9515 CVE-2019-9518}
+       {CVE-2019-9512 CVE-2019-9514 CVE-2019-9515 CVE-2019-9518 CVE-2019-10079}
        [buster] - trafficserver 8.0.2+ds-1+deb10u1
 [08 Sep 2019] DSA-4519-1 libreoffice - security update
        {CVE-2019-9854}



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/70393f1faeaae14fdb1305e75edf65be1c2d5a2a

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/70393f1faeaae14fdb1305e75edf65be1c2d5a2a
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to