Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
95bdbe58 by Markus Koschany at 2018-03-02T20:25:40+01:00
CVE-2018-1047,wildfly/undertow: Add link to pull request

- - - - -
9b4cc6d2 by Markus Koschany at 2018-03-02T20:26:48+01:00
Merge branch 'master' of salsa.debian.org:security-tracker-team/security-tracker

- - - - -
4710fae5 by Markus Koschany at 2018-03-02T20:27:16+01:00
CVE-2017-7559,undertow: Fixed in 1.4.23-1.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -17736,6 +17736,8 @@ CVE-2018-1047 (A flaw was found in Wildfly 9.x. A path 
traversal vulnerability .
        - undertow <unfixed> (bug #891929)
        NOTE: https://issues.jboss.org/browse/WFLY-9620
        NOTE: https://developer.jboss.org/thread/276826
+       NOTE: Fixed by https://github.com/wildfly/wildfly/pull/10748
+       NOTE: It looks more like an issue in WildFly. Not 100% sure though.
        TODO: check, issue in undertow or WildFly?
 CVE-2018-1046
        RESERVED
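Review bot: the two added NOTE lines and the unchanged TODO under CVE-2018-1047 now overlap. The second NOTE ("It looks more like an issue in WildFly. Not 100% sure though.") is a tentative answer to "TODO: check, issue in undertow or WildFly?", while the entry still lists "- undertow <unfixed> (bug #891929)". Consider folding the tentative conclusion into the TODO line so there is a single open item, and state what would settle it (for example, whether the referenced pull request touches only WildFly code), so the next person knows when the undertow line can be changed or dropped. The "Fixed by" reference points at a pull request; once it is merged, linking the resulting commit gives a more stable reference.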
@@ -49505,7 +49507,7 @@ CVE-2017-7560 (It was found that rhnsd PID files are 
created as world-writable t
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1480550
        NOTE: Introduced by: 
https://github.com/spacewalkproject/spacewalk/commit/75d9c00b96ab430221c5c7668baebebc74ddd67e
 CVE-2017-7559 (In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, 
and ...)
-       - undertow <unfixed> (bug #885576)
+       - undertow 1.4.23-1 (bug #885576)
        NOTE: CVE is for an incomplete fix of CVE-2017-2666
        NOTE: Invalid characters were still allowed in the query string and 
path parameters.
        NOTE: https://issues.jboss.org/browse/UNDERTOW-1251
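Review bot: on the changed "- undertow 1.4.23-1 (bug #885576)" line, the fixed version is recorded without a NOTE identifying the upstream fix, and the CVE description in the context line names 1.4.17.Final as the fixed upstream release in the 1.4.x series. Please confirm that 1.4.23-1 is the first Debian upload containing the fix rather than just the current one, and consider adding a NOTE with the upstream fix commit next to the UNDERTOW-1251 link so the recorded version can be verified.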



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/f6dd99b0c59554e0f0a8073f6bb13b1903897810...4710fae5b46bb4b53bf7e464996b8c58ed3417d6
