Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
986365cb by Moritz Muehlenhoff at 2021-07-28T17:46:20+02:00
add jetty commit references and mark one issue as ignored
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7105,6 +7105,7 @@ CVE-2021-34428 (For Eclipse Jetty versions <= 9.4.40,
<= 10.0.2, <= 11.
- jetty <removed>
NOTE:
https://github.com/eclipse/jetty.project/security/advisories/GHSA-m6cp-vxjx-65j6
NOTE: https://github.com/eclipse/jetty.project/issues/6277
+ NOTE:
https://github.com/eclipse/jetty.project/commit/087f486b4461746b4ded45833887b3ccb136ee85
(jetty-9.4.x)
CVE-2021-34427 (In Eclipse BIRT versions 4.8.0 and earlier, an attacker can
use query ...)
NOT-FOR-US: Eclipse BIRT
CVE-2021-34426
@@ -22488,6 +22489,8 @@ CVE-2021-28165 (In Eclipse Jetty 7.2.2 to 9.4.38,
10.0.0.alpha0 to 10.0.1, and 1
[stretch] - jetty9 <ignored> (Minor issue, cpu-spin DoS w/o service
outage, no patch for 9.2 while 9.4 refactoring in core SSL code)
NOTE:
https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w
NOTE: https://github.com/eclipse/jetty.project/issues/6072
+ NOTE:
https://github.com/eclipse/jetty.project/pull/6073/commits/af289dcaedcddcc6b23bc73ddc20363c34338412
(jetty-9.4.x)
+ NOTE:
https://github.com/eclipse/jetty.project/pull/6073/commits/705e5e9a6a00fd3a533695bae8915b0295a4f879
(jetty-9.4.x)
CVE-2021-28164 (In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the
default com ...)
- jetty9 9.4.39-1
[buster] - jetty9 <not-affected> (Vulnerable code introduced later)
@@ -55687,7 +55690,8 @@ CVE-2020-27219 (In all version of Eclipse Hawkbit prior
to 0.3.0M7, the HTTP 404
NOT-FOR-US: Eclipse Hawkbit
CVE-2020-27218 (In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102,
10.0.0.alpha0 ...)
- jetty9 9.4.35-1 (bug #976211)
- [stretch] - jetty9 <ignored> (Minor issue, request smuggling in
specific conditions, invasive, patch introduces regressions, word-arounds exist)
+ [buster] - jetty9 <ignored> (Minor issue, too intrusive to backport,
patch introduces regressions, workarounds exist)
+ [stretch] - jetty9 <ignored> (Minor issue, request smuggling in
specific conditions, invasive, patch introduces regressions, workarounds exist)
NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=568892
NOTE:
https://github.com/eclipse/jetty.project/security/advisories/GHSA-86wm-rrjm-8wh8
NOTE: https://github.com/eclipse/jetty.project/issues/5605
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/986365cb204bfd2e78c3f89cf1eb8c2b898f060c
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/986365cb204bfd2e78c3f89cf1eb8c2b898f060c
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
