[Git][security-tracker-team/security-tracker][master] Reserve DLA-2560-1 for jetty9
Sylvain Beucler (@beuc)
beuc at debian.org
Fri May 14 14:16:48 BST 2021
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d5b791b9 by Sylvain Beucler at 2021-05-14T15:16:10+02:00
Reserve DLA-2560-1 for jetty9
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -44072,7 +44072,6 @@ CVE-2020-27217 (In Eclipse Hono version 1.3.0 and 1.4.0 the AMQP protocol adapte
NOT-FOR-US: Eclipse Hono
CVE-2020-27216 (In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thr ...)
- jetty9 9.4.33-1
- [stretch] - jetty9 <no-dsa> (Minor issue)
- jetty8 <removed>
- jetty <removed>
NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=567921
@@ -139073,7 +139072,6 @@ CVE-2019-10247 (In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and
[experimental] - jetty9 9.4.18-1
- jetty9 9.4.18-2 (bug #928444)
[buster] - jetty9 <no-dsa> (Minor issue)
- [stretch] - jetty9 <no-dsa> (Minor issue)
- jetty8 <removed>
[jessie] - jetty8 <no-dsa> (Minor issue)
- jetty <removed>
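Review bot: In the CVE-2019-10247 entry the `[buster] - jetty9 <no-dsa> (Minor issue)` line is kept while the stretch annotation is dropped, so the older release ends up with a fix and the newer one stays marked unfixed. The CVE-2019-10241 hunk that follows has the same pattern. Consider flagging jetty9 in buster for a follow-up (for example a point-release update) so that an upgrade from stretch to buster does not lose the fix for these two CVEs.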
@@ -139098,7 +139096,6 @@ CVE-2019-10241 (In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and
[experimental] - jetty9 9.4.18-1
- jetty9 9.4.18-2 (bug #928444)
[buster] - jetty9 <no-dsa> (Minor issue)
- [stretch] - jetty9 <no-dsa> (Minor issue)
- jetty8 <removed>
[jessie] - jetty8 <no-dsa> (Minor issue)
- jetty <removed>
@@ -186885,7 +186882,6 @@ CVE-2018-12537 (In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response
NOT-FOR-US: Eclipse Vertx
CVE-2018-12536 (In Eclipse Jetty Server, all 9.x versions, on webapps deployed using d ...)
- jetty9 9.2.25-1 (low; bug #902774)
- [stretch] - jetty9 <ignored> (Harmless information leak)
- jetty8 <removed>
[jessie] - jetty8 <ignored> (Harmless information leak)
- jetty <removed>
@@ -245513,7 +245509,6 @@ CVE-2017-9726 (The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript G
CVE-2017-9735 (Jetty through 9.4.x is prone to a timing channel in util/security/Pass ...)
{DLA-1021-1 DLA-1020-1}
- jetty9 9.2.22-1 (bug #864898)
- [stretch] - jetty9 <ignored> (Harmless information leak)
- jetty8 <removed>
[jessie] - jetty8 <no-dsa> (Minor issue)
- jetty <removed>
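Review bot: The cross-reference line under CVE-2017-9735 still reads `{DLA-1021-1 DLA-1020-1}`, and none of the five data/CVE/list hunks adds a reference to the new advisory, so the link between these CVEs and the stretch fix exists only in data/DLA/list. If the cross-references are not regenerated by a later automated step, add the new DLA id here and to the other four entries in the same commit.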
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[14 May 2021] DLA-2661-1 jetty9 - security update
+ {CVE-2017-9735 CVE-2018-12536 CVE-2019-10241 CVE-2019-10247 CVE-2020-27216}
+ [stretch] - jetty9 9.2.30-0+deb9u1
[13 May 2021] DLA-2660-1 libgetdata - security update
{CVE-2021-20204}
[stretch] - libgetdata 0.9.4-1+deb9u1
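Review bot: The added entry is numbered `DLA-2661-1`, which follows `DLA-2660-1` on the line after it, but the commit subject says "Reserve DLA-2560-1 for jetty9". The two ids disagree, and the subject looks like the typo. Note the correct id in a follow-up so that a log search for the advisory number finds this commit.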
=====================================
data/dla-needed.txt
=====================================
@@ -67,9 +67,6 @@ imagemagick (Anton Gladky)
NOTE: 20210415: Tracker records as vulnerable to CVE-2021-20312, but parts of
NOTE: 20210415: patch already partly covered; needs investigation. (lamby)
--
-jetty9 (Sylvain Beucler)
- NOTE: 20210507: fixing FTBFS due to newer tomcat8, upgrading to 9.2.30, backporting other fixes (Beuc)
---
libimage-exiftool-perl (Utkarsh)
--
libwebp (Anton Gladky)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d5b791b93ffe1bcfa62408897253565adb4b2f9d