[Git][security-tracker-team/security-tracker][master] 2 commits: Remove jetty9 from dla-needed.txt

Markus Koschany apo at debian.org
Thu Sep 10 15:22:26 BST 2020 


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
537b05f9 by Markus Koschany at 2020-09-10T16:20:09+02:00
Remove jetty9 from dla-needed.txt

- - - - -
28210393 by Markus Koschany at 2020-09-10T16:21:46+02:00
CVE-2019-17638,jetty9: Stretch and Buster are not affected

The vulnerable code was introduced in version 9.4.27.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -65648,6 +65648,8 @@ CVE-2019-17639 (In Eclipse OpenJ9 prior to version 0.21 on Power platforms, call
 	NOT-FOR-US: IBM JDK specific issue on on AIX and Linux on the Power platform
 CVE-2019-17638 (In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in ca ...)
 	- jetty9 9.4.31-1
+	[buster] - jetty9 <not-affected> (vulnerable code was introduced in 9.4.27)
+	[stretch] - jetty9 <not-affected> (vulnerable code was introduced in 9.4.27)
 	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=564984
 	NOTE: https://github.com/eclipse/jetty.project/issues/4936
 CVE-2019-17637 (In all versions of Eclipse Web Tools Platform through release 3.18 (20 ...)


=====================================
data/dla-needed.txt
=====================================
@@ -87,8 +87,6 @@ golang-golang-x-net-dev
 --
 guacamole-client (Mike Gabriel)
 --
-jetty9 (Markus Koschany)
---
 jupyter-notebook
   NOTE: 20200711: Vulnerable to (at least) CVE-2018-19351. (lamby)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d7b846cfde62e99b72d5ea28b827e5472357b2bf...28210393136edd9e360286a86ce74764fb3520be

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d7b846cfde62e99b72d5ea28b827e5472357b2bf...28210393136edd9e360286a86ce74764fb3520be
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200910/a1ab7ca0/attachment.html>

More information about the debian-security-tracker-commits mailing list