Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
27c2c080 by Salvatore Bonaccorso at 2019-04-06T08:01:23Z
Add CVE-2018-12545/jetty9
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -46595,7 +46595,12 @@ CVE-2018-12546 (In Eclipse Mosquitto version 1.0 to
1.5.5 (inclusive) when a cli
NOTE: https://mosquitto.org/blog/2019/02/version-1-5-6-released/
NOTE: https://mosquitto.org/files/cve/2018-12546
CVE-2018-12545 (In Eclipse Jetty version 9.3.x and 9.4.x, the server is
vulnerable to ...)
- TODO: check
+ - jetty9 <not-affected> (Vulnerable code never present in Debian
released version)
+ NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096
+ NOTE: Issue is not present in 9.2.x as there is no HTTP/2 support.
Fixed upstream
+ NOTE: in 9.4.12. Debian package moved directly to 9.4.14-1 containing
the fix and
+ NOTE: thus never including in unstable a vulnerable version.
+ NOTE: Cf. https://bugs.eclipse.org/bugs/show_bug.cgi?id=538096#c7
CVE-2018-12544 (In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the
OpenAPI XML ...)
NOT-FOR-US: Eclipse Vert.x
CVE-2018-12543 (In Eclipse Mosquitto versions 1.5 to 1.5.2 inclusive, if a
message is ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/27c2c080ba372e87c51f9ef71d027c96fb7da8cb
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/27c2c080ba372e87c51f9ef71d027c96fb7da8cb
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
