[Git][security-tracker-team/security-tracker][master] Mark CVE-2018-12536/jetty9 as fixed with 9.2.25-1

Wed Sep 5 21:46:27 BST 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0f49d452 by Salvatore Bonaccorso at 2018-09-05T20:46:12Z
Mark CVE-2018-12536/jetty9 as fixed with 9.2.25-1

Emmanuel Bourg did some more investigation and whilst not there is no
indication on the specific fix, upstream claims it is adressed in
9.2.25, 9.3.24 and 9.4.11.

https://github.com/eclipse/jetty.project/blob/jetty-9.4.x/jetty-documentation/src/main/asciidoc/reference/troubleshooting/security-reports.adoc

potentially need to trust upstream here with the versions.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9723,7 +9723,7 @@ CVE-2018-12538 (In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the op
 CVE-2018-12537 (In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response ...)
 	NOT-FOR-US: Eclipse Vertx
 CVE-2018-12536 (In Eclipse Jetty Server, all 9.x versions, on webapps deployed using ...)
-	- jetty9 <unfixed> (low; bug #902774)
+	- jetty9 9.2.25-1 (low; bug #902774)
 	[stretch] - jetty9 <ignored> (Harmless information leak)
 	- jetty8 <removed>
 	- jetty <removed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0f49d4524db3ec2be66adcb05d664002dc6c724c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0f49d4524db3ec2be66adcb05d664002dc6c724c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180905/dc850c04/attachment-0001.html>
