[Git][security-tracker-team/security-tracker][master] new jetty issues

Moritz Muehlenhoff jmm at debian.org
Thu Jun 28 08:54:34 BST 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
62c06450 by Moritz Muehlenhoff at 2018-06-28T09:54:01+02:00
new jetty issues
pyyaml CVE ID assignment

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,8 @@
+CVE-2017-18342 [pyyaml load_yaml]
+	- pyyaml <unfixed> (unimportant)
+	NOTE: This is a well-known design deficiency in pyyaml, various CVE IDs have been assigned
+	NOTE: to applications misusing the API over the years. The CVE ID was assigned to raise
+	NOTE: awareness (and 4.1 now fixes the default behaviour as well)
 CVE-2018-12904 [KVM L1 guest escape]
 	- linux <unfixed>
 	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1589
@@ -64325,11 +64330,20 @@ CVE-2017-7659 (A maliciously constructed HTTP/2 request could cause mod_http2 2.
 	NOTE: HTTP/2 support introduced in 2.4.17
 	NOTE: http://www.openwall.com/lists/oss-security/2017/06/19/5
 CVE-2017-7658 (In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non ...)
-	TODO: check
+	- jetty <removed>
+	- jetty8 <removed>
+	- jetty9 <unfixed> (low)
+	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=535669
 CVE-2017-7657 (In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all ...)
-	TODO: check
+	- jetty <removed>
+	- jetty8 <removed>
+	- jetty9 <unfixed> (low)
+	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=535668
 CVE-2017-7656 (In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all ...)
-	TODO: check
+	- jetty <removed>
+	- jetty8 <removed>
+	- jetty9 <unfixed> (low)
+	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=535667
 CVE-2017-7655
 	RESERVED
 CVE-2017-7654 (In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/62c0645027542729ff20a0fd0f6d7c9ec0f76fc4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/62c0645027542729ff20a0fd0f6d7c9ec0f76fc4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180628/6bf12d03/attachment.html>

More information about the debian-security-tracker-commits mailing list