[Git][security-tracker-team/security-tracker][master] Update jetty entry in dla-needed

Hugo Lefeuvre hle at debian.org
Mon Jul 2 17:10:04 BST 2018 

Hugo Lefeuvre pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6721fcf7 by Hugo Lefeuvre at 2018-07-02T12:08:38-04:00
Update jetty entry in dla-needed

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -42,10 +42,15 @@ ipsec-tools
   NOTE: CVE-2016-10396 fixed in wheezy. No further point release so this should be fixed this way instead.
 --
 jetty (Hugo Lefeuvre)
-  NOTE: CVE-2018-12536 fixed in latest upstream release but looks like upstream
-  NOTE: voluntarily obfuscated the issue by hiding the fix in a bunch of unrelated
-  NOTE: changes. Still need to reproduce.
-  NOTE: I highly suspect a51920d650d924cc2cea011995624b394437c6e0. Needs test.
+  NOTE: jetty8 almost never marked as affected whereas jetty and jetty9 are. Reason ?
+  NOTE: CVE-2018-12536 fixed in latest upstream release. Looks like upstream
+  NOTE: voluntarily obfuscated the issue (fix hidden in unrelated changes).
+  NOTE: Fix (9.4.x): a51920d650d924cc2cea011995624b394437c6e0
+  NOTE:     (9.3.x): 53e8bc2a636707e896fd106fbee3596823c2cdc9 (closer to Debian versions)
+  NOTE: check before putting in the tracker.
+  NOTE: jetty:  doesn't seem to be affected (Wheezy + Jessie)
+  NOTE: jetty8: still need to check (Wheezy + Jessie)
+  NOTE: jetty9: affected, will provide patches for stretch and testing
 --
 kdepim
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6721fcf7e97f719e203b63cba19c0f1b6224082e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6721fcf7e97f719e203b63cba19c0f1b6224082e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180702/01f94928/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list