Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8e9423f5 by Moritz Muehlenhoff at 2022-07-13T13:39:52+02:00
resteasy updates
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -111595,9 +111595,8 @@ CVE-2021-20294 (A flaw was found in binutils readelf
2.35 program. An attacker w
NOTE:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=372dd157272e0674d13372655cc60eaca9c06926
NOTE: binutils not covered by security support
CVE-2021-20293 (A reflected Cross-Site Scripting (XSS) flaw was found in
RESTEasy in a ...)
- - resteasy <undetermined>
- - resteasy3.0 <undetermined>
- NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1942819
+ NOTE: Disputed by Resteasy upstream, needs to be fixed in applications
using Resteasy
+ NOTE: https://issues.redhat.com/browse/RESTEASY-3020
CVE-2021-20292 (There is a flaw reported in the Linux kernel in versions
before 5.9 in ...)
{DLA-2689-1}
- linux 5.7.17-1
@@ -128598,11 +128597,10 @@ CVE-2020-25725 (In Xpdf 4.02,
SplashOutputDev::endType3Char(GfxState *state) Spl
- xpdf <not-affected> (Debian uses poppler, which is not affected)
NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=41915
CVE-2020-25724 (A flaw was found in RESTEasy, where an incorrect response to
an HTTP r ...)
- - resteasy <unfixed>
- - resteasy3.0 <unfixed>
- [bullseye] - resteasy3.0 <no-dsa> (Minor issue)
- [buster] - resteasy3.0 <no-dsa> (Minor issue)
+ - resteasy <not-affected> (Fixed before initial upload to archive)
+ - resteasy3.0 <not-affected> (Fixed before initial upload to archive)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1899354 (lacks
details ATM)
+ NOTE: https://security.snyk.io/vuln/SNYK-JAVA-IOQUARKUS-1300848
CVE-2020-25723 (A reachable assertion issue was found in the USB EHCI
emulation code o ...)
{DLA-2469-1}
- qemu 1:5.2+dfsg-1 (bug #975276)
@@ -129054,6 +129052,10 @@ CVE-2020-25633 (A flaw was found in RESTEasy client
in all versions of RESTEasy
[bullseye] - resteasy3.0 <ignored> (Minor issue)
[buster] - resteasy3.0 <ignored> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1879042
+ NOTE: https://issues.redhat.com/browse/RESTEASY-2721
+ NOTE: https://issues.redhat.com/browse/RESTEASY-2728
+ NOTE: https://issues.redhat.com/browse/RESTEASY-2781
+ NOTE: Fixed in 3.11.3, 4.6.0, 3.14.0, 4.4.3, 3.5.9
CVE-2020-25632 (A flaw was found in grub2 in versions prior to 2.06. The rmmod
impleme ...)
{DSA-4867-1}
- grub2 2.04-16
@@ -166082,7 +166084,7 @@ CVE-2020-10689 (A flaw was found in the Eclipse Che
up to version 7.8.x, where i
NOT-FOR-US: Eclipse Che
CVE-2020-10688 (A cross-site scripting (XSS) flaw was found in RESTEasy in
versions be ...)
- resteasy <unfixed> (bug #970328)
- - resteasy3.0 <undetermined>
+ - resteasy3.0 <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1814974
NOTE: https://github.com/quarkusio/quarkus/issues/7248
NOTE: https://issues.redhat.com/browse/RESTEASY-2519 (restricted)
@@ -190327,7 +190329,7 @@ CVE-2020-1696 (A flaw was found in the all pki-core
10.x.x versions, where Token
[bullseye] - dogtag-pki <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1780707
CVE-2020-1695 (A flaw was found in all resteasy 3.x.x versions prior to
3.12.0.Final ...)
- - resteasy <undetermined>
+ - resteasy <unfixed>
- resteasy3.0 3.0.26-2
[buster] - resteasy3.0 <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1730462
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e9423f5c8e7ea3286bcbabe047b1f19575e3293
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e9423f5c8e7ea3286bcbabe047b1f19575e3293
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
