Add CVE-2020-11985/apache2

author: Salvatore Bonaccorso <carnil@debian.org> 2020-08-07 21:22:02 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2020-08-07 21:22:02 +0200
commit: d808019d09204ab4003b5b1f2fee5640b93b7a36 (patch)
tree: 51574375ee6e6024e6b4cb8d379f8c3abede2e4e /data
parent: 65e10438c2de2e32f28f26f0c2d02217d3c5a315 (diff)
1 files changed, 8 insertions, 2 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 8d4d1dcb42..70febe21d4 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -12242,8 +12242,14 @@ CVE-2020-11987
 	RESERVED
 CVE-2020-11986
 	RESERVED
-CVE-2020-11985
-	RESERVED
+CVE-2020-11985 [IP address spoofing when proxying using mod_remoteip and mod_rewrite]
+	RESERVED
+	- apache2 2.4.25-1
+	NOTE: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1875299
+	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-11985
+	NOTE: https://www.openwall.com/lists/oss-security/2020/08/07/2
+	NOTE: Upstream patch: https://svn.apache.org/r1688399
+	NOTE: https://github.com/apache/httpd/commit/dd6c959b3625048ee15ba4ad72e6cb7bcaf91020
 CVE-2020-11984 [mod_proxy_uwsgi buffer overflow]
 	RESERVED
 	- apache2 <unfixed>
author	Salvatore Bonaccorso <carnil@debian.org>	2020-08-07 21:22:02 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2020-08-07 21:22:02 +0200
commit	d808019d09204ab4003b5b1f2fee5640b93b7a36 (patch)
tree	51574375ee6e6024e6b4cb8d379f8c3abede2e4e /data
parent	65e10438c2de2e32f28f26f0c2d02217d3c5a315 (diff)