[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2021-28163,CVE-2021-28164,CVE-2021-28165/jetty: add references

Sylvain Beucler beuc at debian.org
Tue May 4 17:42:28 BST 2021 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ac53d842 by Sylvain Beucler at 2021-05-04T17:57:32+02:00
CVE-2021-28163,CVE-2021-28164,CVE-2021-28165/jetty: add references

- - - - -
369b750e by Sylvain Beucler at 2021-05-04T18:41:31+02:00
CVE-2021-28165/jetty9: stretch not-affected

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8768,13 +8768,18 @@ CVE-2021-28166 (In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated
 	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=572608
 CVE-2021-28165 (In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0. ...)
 	- jetty9 9.4.39-1
+	[stretch] - jetty9 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w
+	NOTE: https://github.com/eclipse/jetty.project/issues/6072
+	NOTE: Introduced by https://github.com/eclipse/jetty.project/commit/17b6eee5aca00460913a2b7847325b6e3df39fd2 (v9.4.12)
 CVE-2021-28164 (In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default com ...)
 	- jetty9 9.4.39-1
 	NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5
+	NOTE: https://github.com/eclipse/jetty.project/commit/e412c8a15b3334b30193f40412c0fbc47e478e83
 CVE-2021-28163 (In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0. ...)
 	- jetty9 9.4.39-1
 	NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj-j888-vvgq
+	NOTE: https://github.com/eclipse/jetty.project/commit/37fffb1722604da1763d8a096ec5c5fb41ea0633
 CVE-2021-28162 (In Eclipse Theia versions up to and including 0.16.0, in the notificat ...)
 	NOT-FOR-US: Eclipse Theia
 CVE-2021-28161 (In Eclipse Theia versions up to and including 1.8.0, in the debug cons ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/654d4e517e3067c7a807a695a261b0ec6740c4fc...369b750e0e56ae70a90f5aa1435f91e5ece6e342

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/654d4e517e3067c7a807a695a261b0ec6740c4fc...369b750e0e56ae70a90f5aa1435f91e5ece6e342
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210504/d2c438e1/attachment.htm>

More information about the debian-security-tracker-commits mailing list