[Git][security-tracker-team/security-tracker][master] 2 commits: data/dla-needed.txt: Add dates for jetty.
Chris Lamb
lamby at debian.org
Thu Jul 5 20:38:56 BST 2018
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
55f7b1f3 by Chris Lamb at 2018-07-05T21:38:10+02:00
data/dla-needed.txt: Add dates for jetty.
- - - - -
53526d8f by Chris Lamb at 2018-07-05T21:38:21+02:00
data/dla-needed.txt: Claim ca-certificates.
- - - - -
1 changed file:
- data/dla-needed.txt
Changes:
=====================================
data/dla-needed.txt
=====================================
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -18,7 +18,7 @@ bouncycastle (Markus Koschany)
--
busybox (Markus Koschany)
--
-ca-certificates
+ca-certificates (Chris Lamb)
NOTE: 20180531: check if we need to perform an update before wheezy is EOL (anarcat)
NOTE: 20180601: Will keep this open and check for jessie now. (lamby)
--
@@ -39,15 +39,15 @@ graphicsmagick (Roberto C. Sánchez)
intel-microcode
--
jetty (Hugo Lefeuvre)
- NOTE: jetty8 almost never marked as affected whereas jetty and jetty9 are. Reason ?
- NOTE: CVE-2018-12536 fixed in latest upstream release. Looks like upstream
- NOTE: voluntarily obfuscated the issue (fix hidden in unrelated changes).
- NOTE: Fix (9.4.x): a51920d650d924cc2cea011995624b394437c6e0
- NOTE: (9.3.x): 53e8bc2a636707e896fd106fbee3596823c2cdc9 (closer to Debian versions)
- NOTE: check before putting in the tracker.
- NOTE: jetty: doesn't seem to be affected (Wheezy + Jessie)
- NOTE: jetty8: still need to check (Wheezy + Jessie)
- NOTE: jetty9: affected, will provide patches for stretch and testing
+ NOTE: 20180702: jetty8 almost never marked as affected whereas jetty and jetty9 are. Reason ?
+ NOTE: 20180702: CVE-2018-12536 fixed in latest upstream release. Looks like upstream
+ NOTE: 20180702: voluntarily obfuscated the issue (fix hidden in unrelated changes).
+ NOTE: 20180702: Fix (9.4.x): a51920d650d924cc2cea011995624b394437c6e0
+ NOTE: 20180702: (9.3.x): 53e8bc2a636707e896fd106fbee3596823c2cdc9 (closer to Debian versions)
+ NOTE: 20180702: check before putting in the tracker.
+ NOTE: 20180702: jetty: doesn't seem to be affected (Wheezy + Jessie)
+ NOTE: 20180702: jetty8: still need to check (Wheezy + Jessie)
+ NOTE: 20180702: jetty9: affected, will provide patches for stretch and testing
--
kdepim
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/dd6b5597356b0686b981248df18cd4455b17e8d0...53526d8f768c7de1ea41666dac153e2f43718685
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/dd6b5597356b0686b981248df18cd4455b17e8d0...53526d8f768c7de1ea41666dac153e2f43718685
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180705/164d90d2/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list