[Git][security-tracker-team/security-tracker][master] add jetty commit references and mark one issue as ignored
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Jul 28 16:46:35 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
986365cb by Moritz Muehlenhoff at 2021-07-28T17:46:20+02:00
add jetty commit references and mark one issue as ignored
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7105,6 +7105,7 @@ CVE-2021-34428 (For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.
- jetty <removed>
NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-m6cp-vxjx-65j6
NOTE: https://github.com/eclipse/jetty.project/issues/6277
+ NOTE: https://github.com/eclipse/jetty.project/commit/087f486b4461746b4ded45833887b3ccb136ee85 (jetty-9.4.x)
CVE-2021-34427 (In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query ...)
NOT-FOR-US: Eclipse BIRT
CVE-2021-34426
@@ -22488,6 +22489,8 @@ CVE-2021-28165 (In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 1
[stretch] - jetty9 <ignored> (Minor issue, cpu-spin DoS w/o service outage, no patch for 9.2 while 9.4 refactoring in core SSL code)
NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w
NOTE: https://github.com/eclipse/jetty.project/issues/6072
+ NOTE: https://github.com/eclipse/jetty.project/pull/6073/commits/af289dcaedcddcc6b23bc73ddc20363c34338412 (jetty-9.4.x)
+ NOTE: https://github.com/eclipse/jetty.project/pull/6073/commits/705e5e9a6a00fd3a533695bae8915b0295a4f879 (jetty-9.4.x)
CVE-2021-28164 (In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default com ...)
- jetty9 9.4.39-1
[buster] - jetty9 <not-affected> (Vulnerable code introduced later)
@@ -55687,7 +55690,8 @@ CVE-2020-27219 (In all version of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404
NOT-FOR-US: Eclipse Hawkbit
CVE-2020-27218 (In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 ...)
- jetty9 9.4.35-1 (bug #976211)
- [stretch] - jetty9 <ignored> (Minor issue, request smuggling in specific conditions, invasive, patch introduces regressions, word-arounds exist)
+ [buster] - jetty9 <ignored> (Minor issue, too intrusive to backport, patch introduces regressions, workarounds exist)
+ [stretch] - jetty9 <ignored> (Minor issue, request smuggling in specific conditions, invasive, patch introduces regressions, workarounds exist)
NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=568892
NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-86wm-rrjm-8wh8
NOTE: https://github.com/eclipse/jetty.project/issues/5605
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/986365cb204bfd2e78c3f89cf1eb8c2b898f060c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/986365cb204bfd2e78c3f89cf1eb8c2b898f060c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210728/b22dbbe3/attachment.htm>
More information about the debian-security-tracker-commits
mailing list