[Git][security-tracker-team/security-tracker][master] Remove src:undertow entries for stretch (will be removed in 9.5)

Sat, 14 Jul 2018 01:43:14 -0700 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fa8db11d by Salvatore Bonaccorso at 2018-07-14T10:40:34+02:00
Remove src:undertow entries for stretch (will be removed in 9.5)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -35238,7 +35238,6 @@ CVE-2018-1115 (postgresql before versions 10.4, 9.6.9 
is vulnerable in the admin
 CVE-2018-1114 [File descriptor leak caused by 
JarURLConnection.getLastModified() allows attacker to cause a denial of service]
        RESERVED
        - undertow 1.4.25-1 (bug #897247)
-       [stretch] - undertow <no-dsa> (Scheduled for removal on point release)
        NOTE: https://issues.jboss.org/browse/UNDERTOW-1338
        NOTE: 
https://github.com/undertow-io/undertow/commit/882d5884f2614944a0c2ae69bafd9d13bfc5b64a
        NOTE: https://bugs.openjdk.java.net/browse/JDK-6956385
@@ -35430,7 +35429,6 @@ CVE-2018-1068 (A flaw was found in the Linux 4.x 
kernel's implementation of 32-b
        NOTE: non-standard setups
 CVE-2018-1067 (In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found 
that the ...)
        - undertow 1.4.25-1 (bug #900323)
-       [stretch] - undertow <no-dsa> (Scheduled for removal on point release)
        NOTE: https://issues.jboss.org/browse/UNDERTOW-1302
        NOTE: Issue is incomplete fix for CVE-2016-4993
        NOTE: Fixed by 
https://github.com/undertow-io/undertow/commit/85d4478e598105fe94ac152d3e11e388374e8b86
 (1.4.25.Final)
@@ -35575,7 +35573,6 @@ CVE-2018-1049 (In systemd prior to 234 a race condition 
exists between .mount an
        NOTE: 
https://github.com/systemd/systemd/commit/e7d54bf58789545a9eb0b3964233defa0b007318
 CVE-2018-1048 (It was found that the AJP connector in undertow, as shipped in 
Jboss ...)
        - undertow 1.4.22-1 (bug #891928)
-       [stretch] - undertow <no-dsa> (Scheduled for removal on point release)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1534343
        NOTE: https://issues.jboss.org/browse/UNDERTOW-1245
        NOTE: Fixed by 
https://github.com/undertow-io/undertow/commit/1bc0c275aadf5835abfbd3835d5d78095c2f1cf5
@@ -53441,7 +53438,6 @@ CVE-2017-12197 (It was found that libpam4j up to and 
including 1.8 did not prope
        NOTE: (Non-upstream) patch: 
https://github.com/letonez/libpam4j/commit/84f32f4001fc6bdcc125ccc959081de022d18b6d
 CVE-2017-12196 (undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final 
was ...)
        - undertow 1.4.25-1
-       [stretch] - undertow <no-dsa> (Scheduled for removal on point release)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1503055
        NOTE: Fixed by 
https://github.com/undertow-io/undertow/commit/facb33a5cedaf4b7b96d3840a08210370a806870
        NOTE: See also 
https://github.com/undertow-io/undertow/commit/8804170ce3186bdd83b486959399ec7ac0f59d0f
@@ -53592,7 +53588,6 @@ CVE-2017-12166 (OpenVPN versions before 2.3.3 and 2.4.x 
before 2.4.4 are vulnera
 CVE-2017-12165 [improper whitespace parsing leading to potential HTTP request 
smuggling]
        RESERVED
        - undertow <unfixed> (bug #885338)
-       [stretch] - undertow <no-dsa> (Scheduled for removal on point release)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1490301
        NOTE: Fix likely included in the same commit as the fix for 
CVE-2017-7559
        NOTE: 
https://github.com/undertow-io/undertow/commit/3436b03eda8b0b62c1855698c4d7c358add836c2
@@ -67621,7 +67616,6 @@ CVE-2017-7560 (It was found that rhnsd PID files are 
created as world-writable t
        NOTE: Introduced by: 
https://github.com/spacewalkproject/spacewalk/commit/75d9c00b96ab430221c5c7668baebebc74ddd67e
 CVE-2017-7559 (In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, 
and ...)
        - undertow 1.4.23-1 (bug #885576)
-       [stretch] - undertow <no-dsa> (Scheduled for removal on point release)
        NOTE: CVE is for an incomplete fix of CVE-2017-2666
        NOTE: Invalid characters were still allowed in the query string and 
path parameters.
        NOTE: https://issues.jboss.org/browse/UNDERTOW-1165



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fa8db11df23d31667bbd7efd24c088150c3bbc9d

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/fa8db11df23d31667bbd7efd24c088150c3bbc9d
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to