[Git][security-tracker-team/security-tracker][master] Remove src:undertow entries for stretch (will be removed in 9.5)

Salvatore Bonaccorso carnil at debian.org
Sat Jul 14 09:42:57 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fa8db11d by Salvatore Bonaccorso at 2018-07-14T10:40:34+02:00
Remove src:undertow entries for stretch (will be removed in 9.5)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -35238,7 +35238,6 @@ CVE-2018-1115 (postgresql before versions 10.4, 9.6.9 is vulnerable in the admin
 CVE-2018-1114 [File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service]
 	RESERVED
 	- undertow 1.4.25-1 (bug #897247)
-	[stretch] - undertow <no-dsa> (Scheduled for removal on point release)
 	NOTE: https://issues.jboss.org/browse/UNDERTOW-1338
 	NOTE: https://github.com/undertow-io/undertow/commit/882d5884f2614944a0c2ae69bafd9d13bfc5b64a
 	NOTE: https://bugs.openjdk.java.net/browse/JDK-6956385
@@ -35430,7 +35429,6 @@ CVE-2018-1068 (A flaw was found in the Linux 4.x kernel's implementation of 32-b
 	NOTE: non-standard setups
 CVE-2018-1067 (In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the ...)
 	- undertow 1.4.25-1 (bug #900323)
-	[stretch] - undertow <no-dsa> (Scheduled for removal on point release)
 	NOTE: https://issues.jboss.org/browse/UNDERTOW-1302
 	NOTE: Issue is incomplete fix for CVE-2016-4993
 	NOTE: Fixed by https://github.com/undertow-io/undertow/commit/85d4478e598105fe94ac152d3e11e388374e8b86 (1.4.25.Final)
@@ -35575,7 +35573,6 @@ CVE-2018-1049 (In systemd prior to 234 a race condition exists between .mount an
 	NOTE: https://github.com/systemd/systemd/commit/e7d54bf58789545a9eb0b3964233defa0b007318
 CVE-2018-1048 (It was found that the AJP connector in undertow, as shipped in Jboss ...)
 	- undertow 1.4.22-1 (bug #891928)
-	[stretch] - undertow <no-dsa> (Scheduled for removal on point release)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1534343
 	NOTE: https://issues.jboss.org/browse/UNDERTOW-1245
 	NOTE: Fixed by https://github.com/undertow-io/undertow/commit/1bc0c275aadf5835abfbd3835d5d78095c2f1cf5
@@ -53441,7 +53438,6 @@ CVE-2017-12197 (It was found that libpam4j up to and including 1.8 did not prope
 	NOTE: (Non-upstream) patch: https://github.com/letonez/libpam4j/commit/84f32f4001fc6bdcc125ccc959081de022d18b6d
 CVE-2017-12196 (undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was ...)
 	- undertow 1.4.25-1
-	[stretch] - undertow <no-dsa> (Scheduled for removal on point release)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1503055
 	NOTE: Fixed by https://github.com/undertow-io/undertow/commit/facb33a5cedaf4b7b96d3840a08210370a806870
 	NOTE: See also https://github.com/undertow-io/undertow/commit/8804170ce3186bdd83b486959399ec7ac0f59d0f
@@ -53592,7 +53588,6 @@ CVE-2017-12166 (OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnera
 CVE-2017-12165 [improper whitespace parsing leading to potential HTTP request smuggling]
 	RESERVED
 	- undertow <unfixed> (bug #885338)
-	[stretch] - undertow <no-dsa> (Scheduled for removal on point release)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1490301
 	NOTE: Fix likely included in the same commit as the fix for CVE-2017-7559
 	NOTE: https://github.com/undertow-io/undertow/commit/3436b03eda8b0b62c1855698c4d7c358add836c2
@@ -67621,7 +67616,6 @@ CVE-2017-7560 (It was found that rhnsd PID files are created as world-writable t
 	NOTE: Introduced by: https://github.com/spacewalkproject/spacewalk/commit/75d9c00b96ab430221c5c7668baebebc74ddd67e
 CVE-2017-7559 (In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and ...)
 	- undertow 1.4.23-1 (bug #885576)
-	[stretch] - undertow <no-dsa> (Scheduled for removal on point release)
 	NOTE: CVE is for an incomplete fix of CVE-2017-2666
 	NOTE: Invalid characters were still allowed in the query string and path parameters.
 	NOTE: https://issues.jboss.org/browse/UNDERTOW-1165



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fa8db11df23d31667bbd7efd24c088150c3bbc9d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fa8db11df23d31667bbd7efd24c088150c3bbc9d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180714/419a8847/attachment.html>


More information about the debian-security-tracker-commits mailing list