[Git][security-tracker-team/security-tracker][master] 3 commits: Triage CVE-2020-10719,undertow

Mon Sep 14 22:32:45 BST 2020


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b4f06892 by Markus Koschany at 2020-09-14T23:32:24+02:00
Triage CVE-2020-10719,undertow

Upstream bug report is not public. The issue was fixed in 2.1.1-1. Most likely
fixing commit is

https://github.com/undertow-io/undertow/commit/bfc8fbd67f6b3dd96702b363f61cf805baf3c6cf

found with diff between version 2.1.0 and 2.1.1.

- - - - -
d95129a9 by Markus Koschany at 2020-09-14T23:32:25+02:00
Triage CVE-2020-1757,undertow.

Fixed in version 2.1.1-1

- - - - -
ce7282ce by Markus Koschany at 2020-09-14T23:32:26+02:00
Triage CVE-2020-10705,undertow

Fixed in version 2.1.1-1

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -34816,8 +34816,10 @@ CVE-2020-10720 (A flaw was found in the Linux kernel's implementation of GRO in
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1781204
 	NOTE: Fixed by: https://git.kernel.org/linus/a4270d6795b0580287453ea55974d948393e66ef
 CVE-2020-10719 (A flaw was found in Undertow in versions before 2.1.1.Final, regarding ...)
-	- undertow <unfixed> (bug #969913)
+	- undertow 2.1.1-1 (bug #969913)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1828459
+	NOTE: https://issues.redhat.com/browse/UNDERTOW-1708 (not public)
+	NOTE: most likely fixed by https://github.com/undertow-io/undertow/commit/bfc8fbd67f6b3dd96702b363f61cf805baf3c6cf
 CVE-2020-10718
 	RESERVED
 	- wildfly <itp> (bug #752018)
@@ -34865,8 +34867,9 @@ CVE-2020-10707
 CVE-2020-10706 (A flaw was found in OpenShift Container Platform where OAuth tokens ar ...)
 	NOT-FOR-US: OpenShift
 CVE-2020-10705 (A flaw was discovered in Undertow in versions before Undertow 2.1.1.Fi ...)
-	- undertow <undetermined>
+	- undertow 2.1.1-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1803241
+	NOTE: https://github.com/undertow-io/undertow/commit/b53d4589c586e8bbdcc89ed60f32cd7977e9a4f4
 CVE-2020-10704 (A flaw was found when using samba as an Active Directory Domain Contro ...)
 	- samba 2:4.12.3+dfsg-2 (bug #960188)
 	[buster] - samba <postponed> (Can be fixed along in future DSA)
@@ -58480,8 +58483,11 @@ CVE-2020-1759 (A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat O
 CVE-2020-1758 (A flaw was found in Keycloak in versions before 10.0.0, where it does  ...)
 	NOT-FOR-US: Keycloak
 CVE-2020-1757 (A flaw was found in all undertow-2.x.x SP1 versions prior to undertow- ...)
-	- undertow <unfixed>
+	- undertow 2.1.1-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1752770
+	NOTE: https://issues.redhat.com/browse/UNDERTOW-1464
+	NOTE: https://issues.redhat.com/browse/UNDERTOW-1671
+	NOTE: https://github.com/undertow-io/undertow/pull/871
 CVE-2020-1756
 	RESERVED
 CVE-2020-1755



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2e2963c0f4d5b95d9d907546584b6ac812b1c1f7...ce7282ced9156c1cd58c85dccf9c631ea742d4fc

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2e2963c0f4d5b95d9d907546584b6ac812b1c1f7...ce7282ced9156c1cd58c85dccf9c631ea742d4fc
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200914/2dddd2c4/attachment-0001.html>
