[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2018-1047, wildfly/undertow: Add link to pull request
Markus Koschany
apo at debian.org
Fri Mar 2 19:29:36 UTC 2018
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
95bdbe58 by Markus Koschany at 2018-03-02T20:25:40+01:00
CVE-2018-1047,wildfly/undertow: Add link to pull request
- - - - -
9b4cc6d2 by Markus Koschany at 2018-03-02T20:26:48+01:00
Merge branch 'master' of salsa.debian.org:security-tracker-team/security-tracker
- - - - -
4710fae5 by Markus Koschany at 2018-03-02T20:27:16+01:00
CVE-2017-7559,undertow: Fixed in 1.4.23-1.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -17736,6 +17736,8 @@ CVE-2018-1047 (A flaw was found in Wildfly 9.x. A path traversal vulnerability .
- undertow <unfixed> (bug #891929)
NOTE: https://issues.jboss.org/browse/WFLY-9620
NOTE: https://developer.jboss.org/thread/276826
+ NOTE: Fixed by https://github.com/wildfly/wildfly/pull/10748
+ NOTE: It looks more like an issue in WildFly. Not 100% sure though.
TODO: check, issue in undertow or WildFly?
CVE-2018-1046
RESERVED
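Review bot: the added NOTE "It looks more like an issue in WildFly. Not 100% sure though." restates the question already carried by the TODO line directly below it, without recording what the assessment rests on. The fix link added just above it is a pull request against wildfly/wildfly, so the note could say that this is the reason WildFly is suspected. The "- undertow <unfixed> (bug #891929)" entry and the TODO should stay as they are until the affected component is confirmed.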
@@ -49505,7 +49507,7 @@ CVE-2017-7560 (It was found that rhnsd PID files are created as world-writable t
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1480550
NOTE: Introduced by: https://github.com/spacewalkproject/spacewalk/commit/75d9c00b96ab430221c5c7668baebebc74ddd67e
CVE-2017-7559 (In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and ...)
- - undertow <unfixed> (bug #885576)
+ - undertow 1.4.23-1 (bug #885576)
NOTE: CVE is for an incomplete fix of CVE-2017-2666
NOTE: Invalid characters were still allowed in the query string and path parameters.
NOTE: https://issues.jboss.org/browse/UNDERTOW-1251
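Review bot: the new fixed version on the "- undertow 1.4.23-1 (bug #885576)" line is not backed by any reference in the entry. The description gives 1.4.17.Final as the upstream fix point for the 1.4.x series, and the only link shown is the UNDERTOW-1251 issue. Please confirm that 1.4.23-1 is the first Debian upload based on 1.4.17.Final or later, so the fix is not recorded as landing later than it did, and consider adding a NOTE with the upstream fix commit.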
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/f6dd99b0c59554e0f0a8073f6bb13b1903897810...4710fae5b46bb4b53bf7e464996b8c58ed3417d6