Add CVE-2023-38697/ruby-protocol-http1

author: Salvatore Bonaccorso <carnil@debian.org> 2023-08-07 08:54:31 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2023-08-07 08:54:31 +0200
commit: 996acf289e5748c8d8d9f3ba6eee5b162c00f3d4 (patch)
tree: aa4cb7c8877d6f96495a11451685b098a897fbca /data
parent: 828c61fd3437f46a9aedf650c006a8acbe341b80 (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/data/CVE/list b/data/CVE/list
index a80ca1e891..ad5563cb77 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -127,7 +127,11 @@ CVE-2023-38699 (MindsDB's AI Virtual Database allows developers to connect any A
 CVE-2023-38698 (Ethereum Name Service (ENS) is a distributed, open, and extensible nam ...)
 	NOT-FOR-US: Ethereum Name Service (ENS)
 CVE-2023-38697 (protocol-http1 provides a low-level implementation of the HTTP/1 proto ...)
-	TODO: check
+	- ruby-protocol-http1 <unfixed>
+	NOTE: https://github.com/socketry/protocol-http1/pull/20
+	NOTE: https://www.rfc-editor.org/rfc/rfc9112#name-chunked-transfer-coding
+	NOTE: https://github.com/socketry/protocol-http1/security/advisories/GHSA-6jwc-qr2q-7xwj
+	NOTE: https://github.com/socketry/protocol-http1/commit/e11fc164fd2b36f7b7e785e69fa8859eb06bcedd (v0.15.1)
 CVE-2023-38696
 	REJECTED
 CVE-2023-38695 (cypress-image-snapshot shows visual regressions in Cypress with jest-i ...)
author	Salvatore Bonaccorso <carnil@debian.org>	2023-08-07 08:54:31 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2023-08-07 08:54:31 +0200
commit	996acf289e5748c8d8d9f3ba6eee5b162c00f3d4 (patch)
tree	aa4cb7c8877d6f96495a11451685b098a897fbca /data
parent	828c61fd3437f46a9aedf650c006a8acbe341b80 (diff)