[Secure-testing-commits] r32491 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Feb 25 14:37:18 UTC 2015
Author: carnil
Date: 2015-02-25 14:37:18 +0000 (Wed, 25 Feb 2015)
New Revision: 32491
Modified:
data/CVE/list
Log:
Update entry for jetty, not-affecting jetty and jetty8
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-02-25 14:15:29 UTC (rev 32490)
+++ data/CVE/list 2015-02-25 14:37:18 UTC (rev 32491)
@@ -1,10 +1,9 @@
CVE-2015-2080 [Jetty remote unauthenticated credential exposure]
- - jetty <unfixed>
- - jetty8 <unfixed>
+ - jetty <not-affected> (Only affects 9.2.3.v20140905 through 9.2.8.v20150217)
+ - jetty8 <not-affected> (Only affects 9.2.3.v20140905 through 9.2.8.v20150217)
NOTE: http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html
NOTE: https://github.com/eclipse/jetty.project/blob/master/advisories/2015-02-24-httpparser-error-buffer-bleed.md
NOTE: http://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html
- TODO: check
CVE-2015-2062
RESERVED
CVE-2015-2061
More information about the Secure-testing-commits
mailing list