diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2017-12-28 09:06:37 +0000 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2017-12-28 09:06:37 +0000 |
commit | 4a91d1b726ae9279963569d3b0d5c7353476a145 (patch) | |
tree | cd690f8dd82f7ebbdd6a91ddd365c7e91506a16f /data | |
parent | f3a488bb54a17d84bff0ca02edf3c002e5166d1e (diff) |
Add bug reference for CVE-2017-7559, #885576
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@58986 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/data/CVE/list b/data/CVE/list index 8a56e6d9bb..9aa15aa226 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -38230,8 +38230,8 @@ CVE-2017-7560 (It was found that rhnsd PID files are created as world-writable t NOTE: Introduced by: https://github.com/spacewalkproject/spacewalk/commit/75d9c00b96ab430221c5c7668baebebc74ddd67e CVE-2017-7559 [HTTP Request smuggling vulnerability (incomplete fix of CVE-2017-2666)] RESERVED - - undertow <undetermined> - NOTE: For an incomplete fix of CVE-2017-2666 + - undertow <unfixed> (bug #885576) + NOTE: CVE is for an incomplete fix of CVE-2017-2666 NOTE: Invalid characters were still allowed in the query string and path parameters. TODO: check, asked for clarification to Red Hat: https://bugzilla.redhat.com/show_bug.cgi?id=1481665#c7 CVE-2017-7558 [sctp: out-of-bounds read in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info()] |