[Git][security-tracker-team/security-tracker][master] Reserve DLA-3996-1 for gunicorn

Adrian Bunk (@bunk) Thu, 19 Dec 2024 20:21:46 -0800


Adrian Bunk pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
97658a9e by Adrian Bunk at 2024-12-20T06:21:21+02:00
Reserve DLA-3996-1 for gunicorn

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -70470,7 +70470,6 @@ CVE-2024-1135 (Gunicorn fails to properly validate 
Transfer-Encoding headers, le
        {DLA-3851-1}
        - gunicorn 22.0.0-1 (bug #1069126)
        [bookworm] - gunicorn <no-dsa> (Minor issue)
-       [bullseye] - gunicorn <no-dsa> (Minor issue)
        [buster] - gunicorn <postponed> (Minor issue)
        NOTE: https://huntr.com/bounties/22158e34-cfd5-41ad-97e0-a780773d96c1
        NOTE: 
https://github.com/benoitc/gunicorn/commit/ac29c9b0a758d21f1e0fb3b3457239e523fa9f1d


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[20 Dec 2024] DLA-3996-1 gunicorn - security update
+       {CVE-2024-1135}
+       [bullseye] - gunicorn 20.1.0-1+deb11u1
 [16 Dec 2024] DLA-3995-1 libpgjava - security update
        {CVE-2022-31197 CVE-2022-41946 CVE-2024-1597}
        [bullseye] - libpgjava 42.2.15-1+deb11u2


=====================================
data/dla-needed.txt
=====================================
@@ -107,11 +107,6 @@ gst-plugins-good1.0 (Adrian Bunk)
   NOTE: 20241213: Added by Front-Desk (lamby)
   NOTE: 20241213: See also gst-plugins-base1.0 (lamby)
 --
-gunicorn (Adrian Bunk)
-  NOTE: 20241206: Added by coordinator (roberto)
-  NOTE: 20241206: CVE-2024-1135 was fixed in buster, is still open (no-dsa) in 
bullseye and bookworm
-  NOTE: 20241206: 
https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/173
---
 haproxy (Thorsten Alteholz)
   NOTE: 20241201: Added by Front-Desk (ta)
   NOTE: 20241215: testing package



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/97658a9e2ebac1b80af7ffcdcb65e8468b664efe

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/97658a9e2ebac1b80af7ffcdcb65e8468b664efe
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Reserve DLA-3996-1 for gunicorn

Reply via email to