[Git][security-tracker-team/security-tracker][master] new jetty issues

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7a9d12b1 by Moritz Mühlenhoff at 2024-10-18T17:06:59+02:00
new jetty issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1208,7 +1208,10 @@ CVE-2024-9936 (When manipulating the selection node cache, an attacker may have
 	- firefox 131.0.3-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2024-53/#CVE-2024-9936
 CVE-2024-9823 (There exists a security vulnerability in Jetty's DosFilter which can b ...)
-	TODO: check
+	- jetty9 9.4.56-1
+	- jetty <removed>
+	NOTE: https://github.com/jetty/jetty.project/security/advisories/GHSA-g8m5-722r-8whq
+	NOTE: https://github.com/jetty/jetty.project/pull/11723
 CVE-2024-9139 (The affected product permits OS command injection through improperly r ...)
 	NOT-FOR-US: Moxa
 CVE-2024-9137 (The affected product lacks an authentication check when sending comman ...)
@@ -1216,13 +1219,25 @@ CVE-2024-9137 (The affected product lacks an authentication check when sending c
 CVE-2024-8602 (When the XML is read from the codes in the PDF and parsed using a Docu ...)
 	NOT-FOR-US: DocumentBuilder
 CVE-2024-8184 (There exists a security vulnerability in Jetty's ThreadLimitHandler.ge ...)
-	TODO: check
+	- jetty9 9.4.56-1
+	- jetty <removed>
+	NOTE: https://github.com/jetty/jetty.project/security/advisories/GHSA-g8m5-722r-8whq
+	NOTE: https://github.com/jetty/jetty.project/pull/11723
 CVE-2024-7847 (VULNERABILITY DETAILS  Rockwell Automation used the latest versions of ...)
 	NOT-FOR-US: Rockwell Automation
 CVE-2024-6763 (Eclipse Jetty is a lightweight, highly scalable, Java-based web server ...)
-	TODO: check
+	- jetty9 <unfixed>
+	- jetty <removed>
+	NOTE: https://github.com/jetty/jetty.project/security/advisories/GHSA-qh8g-58pp-2wxh
+	NOTE: https://github.com/jetty/jetty.project/pull/12012
 CVE-2024-6762 (Jetty PushSessionCacheFilter can be exploited by unauthenticated users ...)
-	TODO: check
+	- jetty9 <unfixed>
+	- jetty <removed>
+	NOTE: https://github.com/jetty/jetty.project/security/advisories/GHSA-r7m4-f9h5-gr79
+	NOTE: https://github.com/jetty/jetty.project/pull/9715
+	NOTE: https://github.com/jetty/jetty.project/pull/9716
+	NOTE: https://github.com/jetty/jetty.project/pull/10756
+	NOTE: https://github.com/jetty/jetty.project/pull/10755
 CVE-2024-48799 (An issue in LOREX TECHNOLOGY INC com.lorexcorp.lorexping 1.4.22 allows ...)
 	NOT-FOR-US: LOREX
 CVE-2024-48798 (An issue in Hubble Connected (com.hubbleconnected.vervelife) 2.00.81 a ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a9d12b10fbb2c34d3015131b736db347afb6a60

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a9d12b10fbb2c34d3015131b736db347afb6a60
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241018/ec78a418/attachment.htm>