[Git][security-tracker-team/security-tracker][master] CVE-2023-36479,jetty9: mark it as fixed in unstable

Markus Koschany (@apo) apo at debian.org
Thu Sep 28 21:51:44 BST 2023



Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cfd1c79c by Markus Koschany at 2023-09-28T22:51:25+02:00
CVE-2023-36479,jetty9: mark it as fixed in unstable

Upstream just declared the CGI class as deprecated and it will finally be
removed in the 12.x series. Apparently there are some rare corner cases that
make the use of the CGI servlet potentially unsafe. As an alternative there is
Fast CGI and I think most people would want to use this one. Hence it is ok in
my opinion to mark it as "fixed" (deprecated) and move on.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1857,7 +1857,7 @@ CVE-2023-36658 (An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996.
 CVE-2023-36657 (An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Built ...)
 	NOT-FOR-US: OPSWAT MetaDefender KIOSK
 CVE-2023-36479 (Eclipse Jetty Canonical Repository is the canonical repository for the ...)
-	- jetty9 <unfixed>
+	- jetty9 9.4.52-1
 	NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-3gh6-v5v9-6v9j
 	NOTE: https://github.com/eclipse/jetty.project/pull/9888
 	NOTE: Jetty 9.x, 10.x, and 11.x the org.eclipse.jetty.servlets.CGI has been deprecated
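Review bot: The `- jetty9 9.4.52-1` line records a fixed version, but the reason it counts as fixed is stated only in the commit message (upstream deprecated the CGI class rather than removing it, and the tracker treats that as "fixed"). The last NOTE in this entry says that org.eclipse.jetty.servlets.CGI has been deprecated, yet it does not say that this deprecation is why 9.4.52-1 is recorded as the fixed version. Someone reading data/CVE/list alone could conclude that the CGI servlet is safe to use from 9.4.52-1 onward. Consider adding a NOTE line to the entry stating that the version is marked as fixed on the basis of the deprecation and that the CGI servlet is still shipped in 9.x, so deployments that still use it know the status does not cover them.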



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cfd1c79c39de9488c7ade0c1b826fd1b2ae3ff22
