[Git][security-tracker-team/security-tracker][master] resteasy updates

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Jul 13 12:40:12 BST 2022



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8e9423f5 by Moritz Muehlenhoff at 2022-07-13T13:39:52+02:00
resteasy updates

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -111595,9 +111595,8 @@ CVE-2021-20294 (A flaw was found in binutils readelf 2.35 program. An attacker w
 	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=372dd157272e0674d13372655cc60eaca9c06926
 	NOTE: binutils not covered by security support
 CVE-2021-20293 (A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in a ...)
-	- resteasy <undetermined>
-	- resteasy3.0 <undetermined>
-	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1942819
+	NOTE: Disputed by Resteasy upstream, needs to be fixed in applications using Resteasy
+	NOTE: https://issues.redhat.com/browse/RESTEASY-3020
 CVE-2021-20292 (There is a flaw reported in the Linux kernel in versions before 5.9 in ...)
 	{DLA-2689-1}
 	- linux 5.7.17-1
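Review bot: The CVE-2021-20293 entry is left without any package status line once the two `- resteasy` / `- resteasy3.0` lines are removed; the sibling hunk for CVE-2020-25724 in this same commit records the outcome as `<not-affected> (reason)`, so an explicit status such as `- resteasy <not-affected> (Disputed by upstream, to be fixed in applications)` would keep the entry consistent with the rest of the file. The Bugzilla reference (bug 1942819) is also dropped rather than kept beside the new RESTEASY-3020 link, which loses the original report.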
@@ -128598,11 +128597,10 @@ CVE-2020-25725 (In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) Spl
 	- xpdf <not-affected> (Debian uses poppler, which is not affected)
 	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=41915
 CVE-2020-25724 (A flaw was found in RESTEasy, where an incorrect response to an HTTP r ...)
-	- resteasy <unfixed>
-	- resteasy3.0 <unfixed>
-	[bullseye] - resteasy3.0 <no-dsa> (Minor issue)
-	[buster] - resteasy3.0 <no-dsa> (Minor issue)
+	- resteasy <not-affected> (Fixed before initial upload to archive)
+	- resteasy3.0 <not-affected> (Fixed before initial upload to archive)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1899354 (lacks details ATM)
+	NOTE: https://security.snyk.io/vuln/SNYK-JAVA-IOQUARKUS-1300848
 CVE-2020-25723 (A reachable assertion issue was found in the USB EHCI emulation code o ...)
 	{DLA-2469-1}
 	- qemu 1:5.2+dfsg-1 (bug #975276)
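Review bot: The retained `NOTE: ... (lacks details ATM)` now sits under a confident `<not-affected> (Fixed before initial upload to archive)` status for both packages; since the newly added Snyk reference is presumably what supplied those details, the `(lacks details ATM)` qualifier should be removed or reworded so the NOTE does not contradict the status. Dropping the `[bullseye]`/`[buster]` `<no-dsa>` lines is consistent with the new status.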
@@ -129054,6 +129052,10 @@ CVE-2020-25633 (A flaw was found in RESTEasy client in all versions of RESTEasy
 	[bullseye] - resteasy3.0 <ignored> (Minor issue)
 	[buster] - resteasy3.0 <ignored> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1879042
+	NOTE: https://issues.redhat.com/browse/RESTEASY-2721
+	NOTE: https://issues.redhat.com/browse/RESTEASY-2728
+	NOTE: https://issues.redhat.com/browse/RESTEASY-2781
+	NOTE: Fixed in 3.11.3, 4.6.0, 3.14.0, 4.4.3, 3.5.9
 CVE-2020-25632 (A flaw was found in grub2 in versions prior to 2.06. The rmmod impleme ...)
 	{DSA-4867-1}
 	- grub2 2.04-16
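Review bot: The added `NOTE: Fixed in 3.11.3, 4.6.0, 3.14.0, 4.4.3, 3.5.9` lists the fixed versions in no particular order; sorting them by branch (3.5.9, 3.11.3, 3.14.0, 4.4.3, 4.6.0) makes it easier to match against the versions in the archive. The context lines still mark `resteasy3.0` as `<ignored> (Minor issue)` for bullseye and buster, so it would help to state whether any of the listed fixes applies to the 3.0 branch shipped there.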
@@ -166082,7 +166084,7 @@ CVE-2020-10689 (A flaw was found in the Eclipse Che up to version 7.8.x, where i
 	NOT-FOR-US: Eclipse Che
 CVE-2020-10688 (A cross-site scripting (XSS) flaw was found in RESTEasy in versions be ...)
 	- resteasy <unfixed> (bug #970328)
-	- resteasy3.0 <undetermined>
+	- resteasy3.0 <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1814974
 	NOTE: https://github.com/quarkusio/quarkus/issues/7248
 	NOTE: https://issues.redhat.com/browse/RESTEASY-2519 (restricted)
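Review bot: The `resteasy3.0` line changes from `<undetermined>` to `<unfixed>` without a bug reference, while the `resteasy` line above it carries `(bug #970328)`; either the same bug should be referenced on the `resteasy3.0` line if it covers both source packages, or a separate bug should be filed and noted, so that the unfixed status stays actionable.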
@@ -190327,7 +190329,7 @@ CVE-2020-1696 (A flaw was found in the all pki-core 10.x.x versions, where Token
 	[bullseye] - dogtag-pki <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1780707
 CVE-2020-1695 (A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final  ...)
-	- resteasy <undetermined>
+	- resteasy <unfixed>
 	- resteasy3.0 3.0.26-2
 	[buster] - resteasy3.0 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1730462
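Review bot: The CVE-2020-1695 description limits the affected range to resteasy 3.x.x prior to 3.12.0.Final, so the change of `resteasy` from `<undetermined>` to `<unfixed>` should be confirmed against the version the `resteasy` source package actually ships before being recorded as unfixed. As with the CVE-2020-10688 hunk in this commit, the new `<unfixed>` line has no bug reference; adding one (or a `[bullseye]`/`[buster]` qualifier matching the existing `resteasy3.0` line) would keep the entry consistent.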



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e9423f5c8e7ea3286bcbabe047b1f19575e3293
