Sylvain Beucler · Sylvain Beucler · d32b36d7 · d32b36d7
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1233,6 +1233,7 @@ CVE-2019-20445 (HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-L
 	- netty-3.9 <removed>
 	NOTE: https://github.com/netty/netty/issues/9861
 	NOTE: https://github.com/netty/netty/commit/8494b046ec7e4f28dbd44bc699cc4c4c92251729 (4.1)
+	NOTE: https://github.com/netty/netty/commit/629034624626b722128e0fcc6b3ec9d406cb3706 (4.1)
 	NOTE: https://github.com/netty/netty/commit/5f68897880467c00f29495b0aa46ed19bf7a873c (tests)
 CVE-2019-20444 (HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header th ...)
 	- netty <unfixed> (bug #950966)
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -44,10 +44,10 @@ linux (Ben Hutchings)
 linux-4.9 (Ben Hutchings)
 --
 netty (Sylvain Beucler)
-  NOTE: 20200131: Have not checked if the jessie code is vulnerable since the explicit patches could not
-  NOTE: 20200131: be found. So that remains. The issues however looks important enough to fix. (ola)
+  NOTE: 20200214: upstream's still refining the fix (beuc)
 --
 netty-3.9 (Sylvain Beucler)
+  NOTE: 20200214: upstream's still refining the fix (beuc)
 --
 nodejs
 --