[Git][security-tracker-team/security-tracker][master] Mark CVE-2021-28163 and CVE-2021-28164,jetty9 as not affected for Buster.
Markus Koschany (@apo)
apo at debian.org
Mon Jul 5 13:49:36 BST 2021
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7f199805 by Markus Koschany at 2021-07-05T14:48:37+02:00
Mark CVE-2021-28163 and CVE-2021-28164,jetty9 as not affected for Buster.
The vulnerable code was introduced later.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -18831,12 +18831,14 @@ CVE-2021-28165 (In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 1
CVE-2021-28164 (In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default com ...)
- jetty9 9.4.39-1
[stretch] - jetty9 <not-affected> (Vulnerable code introduced later)
+ [buster] - jetty9 <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5
NOTE: https://github.com/eclipse/jetty.project/commit/e412c8a15b3334b30193f40412c0fbc47e478e83
NOTE: Introduced by https://github.com/eclipse/jetty.project/commit/20ef71fe5d709a90c2a5698834fff07b9b4e7ad7 (jetty-9.4.37.v20210219)
CVE-2021-28163 (In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0. ...)
- jetty9 9.4.39-1
[stretch] - jetty9 <not-affected> (Vulnerable code introduced in 9.4.32 according to upstream advisory, reproducer no-op)
+ [buster] - jetty9 <not-affected> (Vulnerable code introduced was introduced later)
NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj-j888-vvgq
NOTE: https://github.com/eclipse/jetty.project/commit/37fffb1722604da1763d8a096ec5c5fb41ea0633
CVE-2021-28162 (In Eclipse Theia versions up to and including 0.16.0, in the notificat ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f1998059b6c1f200bbeacf4d80612c0e4a5e7bc
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f1998059b6c1f200bbeacf4d80612c0e4a5e7bc
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210705/6aaa16cf/attachment.htm>
More information about the debian-security-tracker-commits
mailing list