[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2018-1047, wildfly/undertow: Add link to pull request

Markus Koschany apo at debian.org
Fri Mar 2 19:29:36 UTC 2018


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
95bdbe58 by Markus Koschany at 2018-03-02T20:25:40+01:00
CVE-2018-1047,wildfly/undertow: Add link to pull request

- - - - -
9b4cc6d2 by Markus Koschany at 2018-03-02T20:26:48+01:00
Merge branch 'master' of salsa.debian.org:security-tracker-team/security-tracker

- - - - -
4710fae5 by Markus Koschany at 2018-03-02T20:27:16+01:00
CVE-2017-7559,undertow: Fixed in 1.4.23-1.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -17736,6 +17736,8 @@ CVE-2018-1047 (A flaw was found in Wildfly 9.x. A path traversal vulnerability .
 	- undertow <unfixed> (bug #891929)
 	NOTE: https://issues.jboss.org/browse/WFLY-9620
 	NOTE: https://developer.jboss.org/thread/276826
+	NOTE: Fixed by https://github.com/wildfly/wildfly/pull/10748
+	NOTE: It looks more like an issue in WildFly. Not 100% sure though.
 	TODO: check, issue in undertow or WildFly?
 CVE-2018-1046
 	RESERVED
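Review bot: the added NOTE "It looks more like an issue in WildFly. Not 100% sure though." restates the open question already carried by the TODO line directly below it, so the entry now records the same doubt twice while the undertow line stays <unfixed> against bug #891929. Suggest keeping only the factual "Fixed by" NOTE and folding the assessment into the TODO, for example "TODO: check, looks like an issue in WildFly rather than undertow", so there is a single line to drop once triage is settled. The "Fixed by" NOTE also links a pull request rather than a commit; a link to the fixing commit would pin exactly which change is meant.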
@@ -49505,7 +49507,7 @@ CVE-2017-7560 (It was found that rhnsd PID files are created as world-writable t
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1480550
 	NOTE: Introduced by: https://github.com/spacewalkproject/spacewalk/commit/75d9c00b96ab430221c5c7668baebebc74ddd67e
 CVE-2017-7559 (In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and ...)
-	- undertow <unfixed> (bug #885576)
+	- undertow 1.4.23-1 (bug #885576)
 	NOTE: CVE is for an incomplete fix of CVE-2017-2666
 	NOTE: Invalid characters were still allowed in the query string and path parameters.
 	NOTE: https://issues.jboss.org/browse/UNDERTOW-1251
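Review bot: the fixed version 1.4.23-1 set on the undertow line is well past the upstream boundary quoted in the description ("1.4.x before 1.4.17.Final"), and nothing in the entry explains the gap. If an earlier Debian upload at or above 1.4.17.Final already carried the fix, that earlier version belongs here; if 1.4.23-1 really is the first upload with it, a NOTE naming the upstream fixing commit or release would make the choice verifiable. The existing NOTEs cover only the relation to CVE-2017-2666 and the UNDERTOW-1251 issue, not the fix itself.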



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/f6dd99b0c59554e0f0a8073f6bb13b1903897810...4710fae5b46bb4b53bf7e464996b8c58ed3417d6
