Markus Koschany pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f80d83eb by Markus Koschany at 2025-01-03T17:38:43+01:00
Mark undertow CVE as fixed in unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -36585,7 +36585,7 @@ CVE-2023-4025 (The Radio Player plugin for WordPress is
vulnerable to unauthoriz
CVE-2023-4024 (The Radio Player plugin for WordPress is vulnerable to
unauthorized mo ...)
NOT-FOR-US: WordPress plugin
CVE-2024-7885 (A vulnerability was found in Undertow where the
ProxyProtocolReadListe ...)
- - undertow <unfixed> (bug #1082854)
+ - undertow 2.3.18-1 (bug #1082854)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2305290
NOTE: Fixed by:
https://github.com/undertow-io/undertow/commit/ce5182c37376982ef0abee34fce0d8c0aab0fab8
(2.2.36.Final)
NOTE: Fixed by:
https://github.com/undertow-io/undertow/commit/80c125e09068ac52ed0a9acde266ef12f8ed7ae1
(2.3.17.Final)
@@ -46781,7 +46781,7 @@ CVE-2024-6123 (The Bit Form plugin for WordPress is
vulnerable to arbitrary file
CVE-2024-5974 (A buffer overflow in WatchGuard Fireware OS could may allow an
authent ...)
NOT-FOR-US: WatchGuard Fireware OS
CVE-2024-5971 (A vulnerability was found in Undertow, where the chunked
response hang ...)
- - undertow <unfixed> (bug #1077545)
+ - undertow 2.3.18-1 (bug #1077545)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2292211
CVE-2024-5881 (The Webico Slider Flatsome Addons plugin for WordPress is
vulnerable t ...)
NOT-FOR-US: WordPress plugin
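Review bot: the CVE-2024-5971 entry carries only the Red Hat Bugzilla NOTE, so nothing in the entry ties the new "- undertow 2.3.18-1 (bug #1077545)" line to an upstream fix. Consider adding a "NOTE: Fixed by:" line with the upstream commit and release, as the CVE-2024-7885 entry has, so the fixed version can be checked later.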
@@ -46807,7 +46807,7 @@ CVE-2024-4944 (A local privilege escalation
vlnerability in the WatchGuard Mobil
CVE-2024-4667 (The Blog, Posts and Category Filter for Elementor plugin for
WordPress ...)
NOT-FOR-US: WordPress plugin
CVE-2024-3653 (A vulnerability was found in Undertow. This issue requires
enabling th ...)
- - undertow <unfixed> (bug #1077547)
+ - undertow 2.3.18-1 (bug #1077547)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2274437
CVE-2024-3410 (The DN Footer Contacts WordPress plugin before 1.6.3 does not
sanitise ...)
NOT-FOR-US: WordPress plugin
@@ -91182,7 +91182,7 @@ CVE-2023-44308 (Open redirect vulnerability in adaptive
media administration pag
CVE-2022-48625 (Yealink Config Encrypt Tool add RSA before 1.2 has a built-in
RSA key ...)
NOT-FOR-US: Yealink
CVE-2024-1635 (A vulnerability was found in Undertow. This vulnerability
impacts a se ...)
- - undertow <unfixed> (bug #1068817)
+ - undertow 2.3.18-1 (bug #1068817)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2264928
CVE-2024-25983 (Insufficient checks in a web service made it possible to add
comments ...)
- moodle <removed>
@@ -92761,7 +92761,7 @@ CVE-2022-48623 (The Cpanel::JSON::XS package before
4.33 for Perl performs out-o
CVE-2021-4437 (A vulnerability, which was classified as problematic, has been
found i ...)
NOT-FOR-US: lambda-middleware frameguard
CVE-2024-1459 (A path traversal vulnerability was found in Undertow. This
issue may a ...)
- - undertow <unfixed> (bug #1068816)
+ - undertow 2.3.18-1 (bug #1068816)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2259475
CVE-2024-1454 (The use-after-free vulnerability was found in the AuthentIC
driver in ...)
{DLA-4004-1}
@@ -93237,7 +93237,7 @@ CVE-2023-32341 (IBM Sterling B2B Integrator 6.0.0.0
through 6.0.3.8 and 6.1.0.0
CVE-2023-31506 (A cross-site scripting (XSS) vulnerability in Grav versions
1.7.44 and ...)
NOT-FOR-US: Grav CMS
CVE-2023-4639 (A flaw was found in Undertow, which incorrectly parses cookies
with ce ...)
- - undertow <unfixed> (bug #1063539)
+ - undertow 2.3.18-1 (bug #1063539)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2166022
CVE-2023-3966 (A flaw was found in Open vSwitch where multiple versions are
vulnerabl ...)
{DSA-5640-1}
@@ -125049,7 +125049,7 @@ CVE-2023-33934 (Improper Input Validation
vulnerability in Apache Software Found
CVE-2023-2905 (Due to a failure in validating the length of a provided
MQTT_CMD_PUBLI ...)
NOT-FOR-US: Cesanta Mongoose
CVE-2023-3223 (A flaw was found in undertow. Servlets annotated with
@MultipartConfig ...)
- - undertow <unfixed> (bug #1054893)
+ - undertow 2.3.18-1 (bug #1054893)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2209689
NOTE: https://github.com/undertow-io/undertow/pull/1521 (2.3.9.Final)
NOTE: https://github.com/undertow-io/undertow/pull/1523 (backport,
2.2.27.Final)
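Review bot: in the CVE-2023-3223 entry the NOTE lines place the upstream fix in 2.3.9.Final (pull/1521), yet the fixed version is set to 2.3.18-1. The fixed version should be the first upload to unstable that contains the fix, so please confirm that no upload between 2.3.9 and 2.3.18 reached unstable; if one did, that earlier version belongs on this line.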
@@ -139210,7 +139210,7 @@ CVE-2023-30469 (Cross-site Scripting vulnerability in
Hitachi Ops Center Analyze
CVE-2023-30468
RESERVED
CVE-2023-1973 (A flaw was found in Undertow package. Using the
FormAuthenticationMech ...)
- - undertow <unfixed> (bug #1068815)
+ - undertow 2.3.18-1 (bug #1068815)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2185662
CVE-2023-30467 (This vulnerability exists in Milesight 4K/H.265 Series NVR
models (MS- ...)
NOT-FOR-US: Milesight
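Review bot: the CVE-2023-1973 entry gives no upstream commit, pull request or release next to "- undertow 2.3.18-1 (bug #1068815)", only the Bugzilla link. For a 2023 CVE first marked fixed here, a NOTE naming the first fixed upstream release would show whether 2.3.18-1 is the earliest fixed upload or merely the current one.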
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f80d83eb13607e1e85d9c86333ed3ee6ab298687
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits