From 372313a388db4b904072941852f4d5b58aab791b Mon Sep 17 00:00:00 2001 From: Chris Walker Date: Wed, 30 Oct 2019 11:36:14 -0400 Subject: [PATCH] Updating security reports. Resolves #4253 --- .../troubleshooting/security-reports.adoc | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/jetty-documentation/src/main/asciidoc/reference/troubleshooting/security-reports.adoc b/jetty-documentation/src/main/asciidoc/reference/troubleshooting/security-reports.adoc index 598ee199f19..83c65dc54f3 100644 --- a/jetty-documentation/src/main/asciidoc/reference/troubleshooting/security-reports.adoc +++ b/jetty-documentation/src/main/asciidoc/reference/troubleshooting/security-reports.adoc 
@@ -28,9 +28,24 @@ If you would like to report a security issue please follow these link:#security- |======================================================================= |yyyy/mm/dd |ID |Exploitable |Severity |Affects |Fixed Version |Comment +|2019/08/13 |CVE-2019-9518 |Med |Med |< = 9.4.20 |9.4.21 +|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9518[Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service.] + +|2019/08/13 |CVE-2019-9516 |Med |Med |< = 9.4.20 |9.4.21 +|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516[Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service.] + |2019/08/13 |CVE-2019-9515 |Med |Med |< = 9.4.20 |9.4.21 |https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515[Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service when an attacker sent a stream of SETTINGS frames to the peer.] +|2019/08/13 |CVE-2019-9514 |Med |Med |< = 9.4.20 |9.4.21 +|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514[Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service.] + +|2019/08/13 |CVE-2019-9512 |Low |Low |< = 9.4.20 |9.4.21 +|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512[Some HTTP/2 implementations are vulnerable to ping floods which could lead to a denial of service.] + +|2019/08/13 |CVE-2019-9511 |Low |Low |< = 9.4.20 |9.4.21 +|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511[Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation which could lead to a denial of service.] 
+ |2019/04/11 |CVE-2019-10247 |Med |Med |< = 9.4.16 |9.2.28, 9.3.27, 9.4.17 |https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10247[If no webapp was mounted to the root namespace and a 404 was encountered, an HTML page would be generated displaying the fully qualified base resource location for each context.]
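Review bot: The five added rows (CVE-2019-9518, -9516, -9514, -9512, -9511) give Affects as "< = 9.4.20" but name only 9.4.21 under Fixed Version, so a reader on an older branch cannot tell whether that branch is unaffected or simply has no fix. The CVE-2019-10247 row just below lists a fix per branch ("9.2.28, 9.3.27, 9.4.17"). Either narrow the Affects range to the releases that actually ship the vulnerable HTTP/2 code, or say in the Comment cell that upgrading to 9.4.21 is the only remediation. The added comments also stop at the generic CVE sentence, while the existing CVE-2019-9515 row names the frame type involved ("a stream of SETTINGS frames"). A matching clause in each new row would let operators tell the five floods apart without following the link. Finally, the Low rating on CVE-2019-9512 and CVE-2019-9511 differs from the Med on the other rows from the same date and is worth a word of justification in the Comment cell.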