Add CVE-2020-7238/netty

author: Salvatore Bonaccorso <carnil@debian.org> 2020-01-30 08:10:19 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2020-01-30 08:13:05 +0100
commit: 183537ebd736151ded43af86bff9137b62571c1b (patch)
tree: a08c03f5ceaa9fe6270f9ba7bd902410bda62f5b /data/CVE/list
parent: 05062f7a04cd8f3cf302f5b6f1d5c08aea1cf5aa (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 7061367da8..0063426a28 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -2582,7 +2582,10 @@ CVE-2019-20383
 CVE-2019-20382
 	RESERVED
 CVE-2020-7238 (Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles ...)
-	TODO: check
+	- netty <unfixed>
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1796225
+	NOTE: https://github.com/jdordonezn/CVE-2020-72381/issues/1
+	NOTE: Issue exists because of incomplete fix for CVE-2019-16869.
 CVE-2020-7237 (Cacti 1.2.8 allows Remote Code Execution (by privileged users) via she ...)
 	- cacti <unfixed> (bug #949997)
 	[jessie] - cacti <not-affected> (Vulnerable code introduced later)
author	Salvatore Bonaccorso <carnil@debian.org>	2020-01-30 08:10:19 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2020-01-30 08:13:05 +0100
commit	183537ebd736151ded43af86bff9137b62571c1b (patch)
tree	a08c03f5ceaa9fe6270f9ba7bd902410bda62f5b /data/CVE/list
parent	05062f7a04cd8f3cf302f5b6f1d5c08aea1cf5aa (diff)