[Secure-testing-commits] r32490 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Feb 25 14:15:29 UTC 2015
Author: carnil
Date: 2015-02-25 14:15:29 +0000 (Wed, 25 Feb 2015)
New Revision: 32490
Modified:
data/CVE/list
Log:
Add new jetty issue; left TODO item as not checked (only added to tracker)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-02-25 13:04:53 UTC (rev 32489)
+++ data/CVE/list 2015-02-25 14:15:29 UTC (rev 32490)
@@ -1,3 +1,10 @@
+CVE-2015-2080 [Jetty remote unauthenticated credential exposure]
+ - jetty <unfixed>
+ - jetty8 <unfixed>
+ NOTE: http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html
+ NOTE: https://github.com/eclipse/jetty.project/blob/master/advisories/2015-02-24-httpparser-error-buffer-bleed.md
+ NOTE: http://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html
+ TODO: check
CVE-2015-2062
RESERVED
CVE-2015-2061
More information about the Secure-testing-commits
mailing list