[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2018-1047

Thu Jan 25 07:06:41 UTC 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4d93f3f7 by Salvatore Bonaccorso at 2018-01-25T08:06:30+01:00
Add CVE-2018-1047

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -13097,8 +13097,12 @@ CVE-2018-1049 [automount: access to automounted volumes can lock up]
 	NOTE: https://github.com/systemd/systemd/commit/e7d54bf58789545a9eb0b3964233defa0b007318
 CVE-2018-1048
 	RESERVED
-CVE-2018-1047
+CVE-2018-1047 [Path traversal in ServletResourceManager class]
 	RESERVED
+	- undertow <undetermined>
+	NOTE: https://issues.jboss.org/browse/WFLY-9620
+	NOTE: https://developer.jboss.org/thread/276826
+	TODO: check, issue in undertow or WildFly?
 CVE-2018-1046
 	RESERVED
 CVE-2018-1045 (In Moodle 3.x, there is XSS via a calendar event name. ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4d93f3f797e1101da2e178aad5a4f1c18c720551

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4d93f3f797e1101da2e178aad5a4f1c18c720551
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180125/1eabcb38/attachment.html>
