[Git][security-tracker-team/security-tracker][master] CVE-2009-5047 was found to be a duplicate of CVE-2009-4611

Salvatore Bonaccorso carnil at debian.org
Thu Nov 21 20:18:23 GMT 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
84db0cda by Salvatore Bonaccorso at 2019-11-21T20:16:44Z
CVE-2009-5047 was found to be a duplicate of CVE-2009-4611

Move all information we have to the retained CVE entry and drop notes
from CVE-2009-5047. It was found that CVE-2009-5047 was back then a
resevation duplicate of the CVE-2009-4611 CVE identifier.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -309066,7 +309066,9 @@ CVE-2010-XXXX [ZF2010-07]
 CVE-2009-4612 (Multiple cross-site scripting (XSS) vulnerabilities in the WebApp JSP  ...)
 	- jetty 6.1.22-1 (bug #575789)
 CVE-2009-4611 (Mort Bay Jetty 6.x through 6.1.22 and 7.0.0 writes backtrace data with ...)
-	- jetty 6.1.22-1
+	- jetty 6.1.22-1 (unimportant; bug #553644)
+	NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
+	NOTE: The affected apps are not shipped in the package, see #553644
 CVE-2009-4610 (Multiple cross-site scripting (XSS) vulnerabilities in Mort Bay Jetty  ...)
 	- jetty <not-affected> (low; bug #575790)
 	NOTE: the exploitable servlet is not shipped in Debian packages
@@ -312147,9 +312149,6 @@ CVE-2009-5046 (JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22. ...
 	NOTE: The affected apps are not shipped in the package, see #553644
 CVE-2009-5047
 	REJECTED
-	- jetty 6.1.22-1 (unimportant; bug #553644)
-	NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
-	NOTE: The affected apps are not shipped in the package, see #553644
 CVE-2009-5048 (Cookie Dump Servlet stored XSS vulnerability in jetty though 6.1.20. ...)
 	- jetty 6.1.22-1 (unimportant; bug #553644)
 	NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/84db0cda3f9415a37e4c61e851a8694b83fac11c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/84db0cda3f9415a37e4c61e851a8694b83fac11c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191121/d2a1598d/attachment.html>

More information about the debian-security-tracker-commits mailing list