[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2020-27218/jetty9: reference upstream issue
Sylvain Beucler
beuc at debian.org
Mon May 10 18:07:17 BST 2021
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f694561d by Sylvain Beucler at 2021-05-10T19:00:56+02:00
CVE-2020-27218/jetty9: reference upstream issue
- - - - -
1f1ba2f2 by Sylvain Beucler at 2021-05-10T19:02:22+02:00
CVE-2020-27218/jetty9: stretch ignored
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -42740,9 +42740,10 @@ CVE-2020-27219 (In all version of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404
NOT-FOR-US: Eclipse Hawkbit
CVE-2020-27218 (In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 ...)
- jetty9 9.4.35-1 (bug #976211)
- [stretch] - jetty9 <no-dsa> (Minor issue)
+ [stretch] - jetty9 <ignored> (Minor issue, request smuggling in specific conditions, invasive, patch introduces regressions, word-arounds exist)
NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=568892
NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-86wm-rrjm-8wh8
+ NOTE: https://github.com/eclipse/jetty.project/issues/5605
CVE-2020-27217 (In Eclipse Hono version 1.3.0 and 1.4.0 the AMQP protocol adapter does ...)
NOT-FOR-US: Eclipse Hono
CVE-2020-27216 (In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thr ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/464804fabecbb1eccbf9e556d585d5c3659eaa10...1f1ba2f2dc39237cac74f6807ccbdd2d940dfd70
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/464804fabecbb1eccbf9e556d585d5c3659eaa10...1f1ba2f2dc39237cac74f6807ccbdd2d940dfd70
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210510/44638ef6/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list