Add/Update notes for CVE-2020-13950

Upstream is clear here and claims 2.4.41 is the first version affected. Whilst the patch would apply it causes errors, so a previous change might be introducing the vulnerability. But there is no further information available for now.
author: Salvatore Bonaccorso <carnil@debian.org> 2021-06-12 17:14:21 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2021-06-12 17:14:21 +0200
commit: 804d60cb8d869b2a9eb2453579d32e9cab2d5c5f (patch)
tree: ed1c68659c98ac36ffbcbcdc888d0b0490638e38 /data
parent: 901499fc93c43ea09929bfb9d76634275ac2b699 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 02beed92cc..5e3fa34686 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -78258,7 +78258,8 @@ CVE-2020-13950 (Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can
 	[experimental] - apache2 2.4.48-1
 	- apache2 2.4.46-6
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-13950
-	NOTE: https://svn.apache.org/r1678771
+	NOTE: Fixed by: https://svn.apache.org/r1678771
+	TODO: check why this only a problem starting in 2.4.41
 CVE-2020-13949 (In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send sho ...)
 	- thrift <unfixed> (bug #988949)
 	[bullseye] - thrift <no-dsa> (Minor issue)
author	Salvatore Bonaccorso <carnil@debian.org>	2021-06-12 17:14:21 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2021-06-12 17:14:21 +0200
commit	804d60cb8d869b2a9eb2453579d32e9cab2d5c5f (patch)
tree	ed1c68659c98ac36ffbcbcdc888d0b0490638e38 /data
parent	901499fc93c43ea09929bfb9d76634275ac2b699 (diff)