add another commit to really fix CVE-2016-10711

author: Thorsten Alteholz <debian@alteholz.de> 2020-05-03 19:51:53 +0200
committer: Thorsten Alteholz <debian@alteholz.de> 2020-05-03 19:51:53 +0200
commit: 1a515d3cd5609751618112ddefa2ff12ff8a6b6a (patch)
tree: 18bfb277ff01737ec10465a94279ee1ebb62a792 /data/CVE/2016.list
parent: 7d533621ff581fc11a539ea3f77b2128242f7590 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index 6f2ef06690..3b52e5f37d 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -830,6 +830,8 @@ CVE-2016-10711 (Apsis Pound before 2.8a allows request smuggling via crafted hea
 	NOTE: Fixed by https://build.opensuse.org/request/show/571084
 	NOTE: Confirmed that the SUSE patch is the security relevant diff between
 	NOTE: version 2.7 and 2.8a
+	NOTE: an additional fix of the fix is needed to avoid that pound uses 100% CPU
+	NOTE: https://github.com/graygnuorg/pound/commit/c5a95780e2233a05ab3fb8b4eb8a9550f0c3b53c
 CVE-2016-10710 (Biscom Secure File Transfer (SFT) 5.0.1000 through 5.0.1048 does not v ...)
 	NOT-FOR-US: Biscom Secure File Transfer
 CVE-2016-10709 (pfSense before 2.3 allows remote authenticated users to execute arbitr ...)
author	Thorsten Alteholz <debian@alteholz.de>	2020-05-03 19:51:53 +0200
committer	Thorsten Alteholz <debian@alteholz.de>	2020-05-03 19:51:53 +0200
commit	1a515d3cd5609751618112ddefa2ff12ff8a6b6a (patch)
tree	18bfb277ff01737ec10465a94279ee1ebb62a792 /data/CVE/2016.list
parent	7d533621ff581fc11a539ea3f77b2128242f7590 (diff)