[Git][security-tracker-team/security-tracker][master] CVE-2021-34429,jetty9: Fixed in unstable

[Markus Koschany (@apo)]

Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
43738bcf by Markus Koschany at 2021-07-18T19:51:40+02:00
CVE-2021-34429,jetty9: Fixed in unstable

Mark the versions in Buster and Stretch as not-affected because the vulnerable
code was introduced in version 9.4.37

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5225,9 +5225,11 @@ CVE-2021-34431
 CVE-2021-34430 (Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C  ...)
 	NOT-FOR-US: Eclipse TinyDTLS
 CVE-2021-34429 (For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-1 ...)
-	- jetty9 <unfixed> (bug #991188)
+	- jetty9 9.4.39-3 (bug #991188)
+	[buster] - jetty9 <not-affected> (Vulnerable code was introduced in version 9.4.37)
+	[stretch] - jetty9 <not-affected> (Vulnerable code was introduced in version 9.4.37)
 	NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm
-	TODO: check, seems to have been introduced 9.4.37 upstream
+	NOTE: Fixed by https://github.com/eclipse/jetty.project/pull/6477
 CVE-2021-34428 (For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, i ...)
 	- jetty9 9.4.39-2 (bug #990578)
 	[stretch] - jetty9 <not-affected> (vulnerable code is not present)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43738bcf7e38d30adbed6efe542d4fd965fa0dae

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43738bcf7e38d30adbed6efe542d4fd965fa0dae
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210718/93a19de1/attachment.htm>