[Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2021-28169,CVE-2021-34428,jetty9: Fixed in unstable

Sat Jul 3 18:25:25 BST 2021


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bd70f65b by Markus Koschany at 2021-07-03T19:19:55+02:00
CVE-2021-28169,CVE-2021-34428,jetty9: Fixed in unstable

- - - - -
6bbfa6bd by Markus Koschany at 2021-07-03T19:20:42+02:00
Remove jetty9 from dla-needed.txt

- - - - -
a4015ccd by Markus Koschany at 2021-07-03T19:24:21+02:00
Mark CVE-2021-34428,jetty9 as not affected for Stretch

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -3817,7 +3817,8 @@ CVE-2021-34430
 CVE-2021-34429
 	RESERVED
 CVE-2021-34428 (For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, i ...)
-	- jetty9 <unfixed> (bug #990578)
+	- jetty9 9.4.39-2 (bug #990578)
+	[stretch] - jetty9 <not-affected> (vulnerable code is not present)
 	- jetty8 <removed>
 	- jetty <removed>
 	NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-m6cp-vxjx-65j6
@@ -18790,7 +18791,7 @@ CVE-2021-28170 (In the Jakarta Expression Language implementation 3.0.3 and earl
 	NOTE: Only affects the EL reference implementation which isn't built into the binary packages
 CVE-2021-28169 (For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, i ...)
 	{DLA-2688-1}
-	- jetty9 <unfixed> (bug #989999)
+	- jetty9 9.4.39-2 (bug #989999)
 	- jetty8 <removed>
 	- jetty <removed>
 	NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-gwcr-j4wh-j3cq


=====================================
data/dla-needed.txt
=====================================
@@ -64,8 +64,6 @@ intel-microcode
   NOTE: 20210622: we'll wait for a couple of days more before rolling
   NOTE: 20210622: out the update. (utkarsh)
 --
-jetty9 (Markus Koschany)
---
 libxstream-java (Sylvain Beucler)
   NOTE: 20210603: upstream changed the default security framework to a whitelist,
   NOTE: 20210603: we should consider checking rdeps and doing the same and announce



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/fbe3854d4737b1de1924ffd3148eb59b51088c40...a4015ccdc1bf5b4afa41d5d067e8ac10c100bbca

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/fbe3854d4737b1de1924ffd3148eb59b51088c40...a4015ccdc1bf5b4afa41d5d067e8ac10c100bbca
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210703/6946e942/attachment-0001.htm>
