[Git][security-tracker-team/security-tracker][master] Mark two jetty issues as ignored

Fri Aug 17 17:58:35 BST 2018

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
418e01c5 by Moritz Muehlenhoff at 2018-08-17T16:58:00Z
Mark two jetty issues as ignored

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -6854,7 +6854,8 @@ CVE-2018-12538 (In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the op
 CVE-2018-12537 (In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response ...)
 	NOT-FOR-US: Eclipse Vertx
 CVE-2018-12536 (In Eclipse Jetty Server, all 9.x versions, on webapps deployed using ...)
-	- jetty9 <unfixed> (bug #902774)
+	- jetty9 <unfixed> (low; bug #902774)
+	[stretch] - jetty9 <ignored> (Harmless information leak)
 	- jetty8 <removed>
 	- jetty <removed>
 	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=535670
@@ -64536,7 +64537,7 @@ CVE-2017-9726 (The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript .
 CVE-2017-9735 (Jetty through 9.4.x is prone to a timing channel in ...)
 	{DLA-1021-1 DLA-1020-1}
 	- jetty9 9.2.22-1 (bug #864898)
-	[stretch] - jetty9 <no-dsa> (Minor issue)
+	[stretch] - jetty9 <ignored> (Harmless information leak)
 	- jetty8 <removed>
 	[jessie] - jetty8 <no-dsa> (Minor issue)
 	- jetty <removed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/418e01c58699c21737dbb4b3c43e4ac4b47d109c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/418e01c58699c21737dbb4b3c43e4ac4b47d109c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180817/ee806917/attachment.html>
