diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2021-06-12 17:14:21 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2021-06-12 17:14:21 +0200 |
commit | 804d60cb8d869b2a9eb2453579d32e9cab2d5c5f (patch) | |
tree | ed1c68659c98ac36ffbcbcdc888d0b0490638e38 /data | |
parent | 901499fc93c43ea09929bfb9d76634275ac2b699 (diff) |
Add/Update notes for CVE-2020-13950
Upstream is clear here and claims 2.4.41 is the first version affected.
Whilst the patch would apply it causes errors, so a previous change
might be introducing the vulnerability. But there is no further
information available for now.
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/data/CVE/list b/data/CVE/list index 02beed92cc..5e3fa34686 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -78258,7 +78258,8 @@ CVE-2020-13950 (Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can [experimental] - apache2 2.4.48-1 - apache2 2.4.46-6 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-13950 - NOTE: https://svn.apache.org/r1678771 + NOTE: Fixed by: https://svn.apache.org/r1678771 + TODO: check why this only a problem starting in 2.4.41 CVE-2020-13949 (In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send sho ...) - thrift <unfixed> (bug #988949) [bullseye] - thrift <no-dsa> (Minor issue) |