[Git][security-tracker-team/security-tracker][master] Add CVE-2021-34429/jetty9
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jul 16 06:02:36 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cd7e3019 by Salvatore Bonaccorso at 2021-07-16T07:01:58+02:00
Add CVE-2021-34429/jetty9
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5174,7 +5174,9 @@ CVE-2021-34431
CVE-2021-34430 (Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C ...)
NOT-FOR-US: Eclipse TinyDTLS
CVE-2021-34429 (For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-1 ...)
- TODO: check
+ - jetty9 <unfixed>
+ NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm
+ TODO: check, seems to have been introduced 9.4.37 upstream
CVE-2021-34428 (For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, i ...)
- jetty9 9.4.39-2 (bug #990578)
[stretch] - jetty9 <not-affected> (vulnerable code is not present)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd7e3019c3bc641a5a2bf344921013cf8c8062c6
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd7e3019c3bc641a5a2bf344921013cf8c8062c6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210716/361f41ab/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list