[Git][security-tracker-team/security-tracker][master] Mark undertow CVE as fixed in unstable
Markus Koschany (@apo)
apo at debian.org
Fri Jan 3 16:39:22 GMT 2025
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f80d83eb by Markus Koschany at 2025-01-03T17:38:43+01:00
Mark undertow CVE as fixed in unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -36585,7 +36585,7 @@ CVE-2023-4025 (The Radio Player plugin for WordPress is vulnerable to unauthoriz
CVE-2023-4024 (The Radio Player plugin for WordPress is vulnerable to unauthorized mo ...)
NOT-FOR-US: WordPress plugin
CVE-2024-7885 (A vulnerability was found in Undertow where the ProxyProtocolReadListe ...)
- - undertow <unfixed> (bug #1082854)
+ - undertow 2.3.18-1 (bug #1082854)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2305290
NOTE: Fixed by: https://github.com/undertow-io/undertow/commit/ce5182c37376982ef0abee34fce0d8c0aab0fab8 (2.2.36.Final)
NOTE: Fixed by: https://github.com/undertow-io/undertow/commit/80c125e09068ac52ed0a9acde266ef12f8ed7ae1 (2.3.17.Final)
@@ -46781,7 +46781,7 @@ CVE-2024-6123 (The Bit Form plugin for WordPress is vulnerable to arbitrary file
CVE-2024-5974 (A buffer overflow in WatchGuard Fireware OS could may allow an authent ...)
NOT-FOR-US: WatchGuard Fireware OS
CVE-2024-5971 (A vulnerability was found in Undertow, where the chunked response hang ...)
- - undertow <unfixed> (bug #1077545)
+ - undertow 2.3.18-1 (bug #1077545)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2292211
CVE-2024-5881 (The Webico Slider Flatsome Addons plugin for WordPress is vulnerable t ...)
NOT-FOR-US: WordPress plugin
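Review bot: the CVE-2024-5971 entry moves from <unfixed> to 2.3.18-1 with only the Red Hat Bugzilla link as a NOTE, so nothing in the entry records which upstream change or release fixed the issue. Consider adding a "NOTE: Fixed by: <upstream commit URL> (<upstream version>)" line, as the CVE-2024-7885 entry in this same commit already has, so the fixed version can be verified later and the patch located for backports.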
@@ -46807,7 +46807,7 @@ CVE-2024-4944 (A local privilege escalation vlnerability in the WatchGuard Mobil
CVE-2024-4667 (The Blog, Posts and Category Filter for Elementor plugin for WordPress ...)
NOT-FOR-US: WordPress plugin
CVE-2024-3653 (A vulnerability was found in Undertow. This issue requires enabling th ...)
- - undertow <unfixed> (bug #1077547)
+ - undertow 2.3.18-1 (bug #1077547)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2274437
CVE-2024-3410 (The DN Footer Contacts WordPress plugin before 1.6.3 does not sanitise ...)
NOT-FOR-US: WordPress plugin
@@ -91182,7 +91182,7 @@ CVE-2023-44308 (Open redirect vulnerability in adaptive media administration pag
CVE-2022-48625 (Yealink Config Encrypt Tool add RSA before 1.2 has a built-in RSA key ...)
NOT-FOR-US: Yealink
CVE-2024-1635 (A vulnerability was found in Undertow. This vulnerability impacts a se ...)
- - undertow <unfixed> (bug #1068817)
+ - undertow 2.3.18-1 (bug #1068817)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2264928
CVE-2024-25983 (Insufficient checks in a web service made it possible to add comments ...)
- moodle <removed>
@@ -92761,7 +92761,7 @@ CVE-2022-48623 (The Cpanel::JSON::XS package before 4.33 for Perl performs out-o
CVE-2021-4437 (A vulnerability, which was classified as problematic, has been found i ...)
NOT-FOR-US: lambda-middleware frameguard
CVE-2024-1459 (A path traversal vulnerability was found in Undertow. This issue may a ...)
- - undertow <unfixed> (bug #1068816)
+ - undertow 2.3.18-1 (bug #1068816)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2259475
CVE-2024-1454 (The use-after-free vulnerability was found in the AuthentIC driver in ...)
{DLA-4004-1}
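Review bot: the CVE-2024-1459 entry now has a fixed version for unstable but still no suite-tagged lines, so the stable suites remain listed without any recorded triage decision. If a decision has been made for them, add it alongside this change, for example a line of the form "[bookworm] - undertow <no-dsa> (...)"; if not, the bare "- undertow 2.3.18-1 (bug #1068816)" line is fine as a first step.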
@@ -93237,7 +93237,7 @@ CVE-2023-32341 (IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.8 and 6.1.0.0
CVE-2023-31506 (A cross-site scripting (XSS) vulnerability in Grav versions 1.7.44 and ...)
NOT-FOR-US: Grav CMS
CVE-2023-4639 (A flaw was found in Undertow, which incorrectly parses cookies with ce ...)
- - undertow <unfixed> (bug #1063539)
+ - undertow 2.3.18-1 (bug #1063539)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2166022
CVE-2023-3966 (A flaw was found in Open vSwitch where multiple versions are vulnerabl ...)
{DSA-5640-1}
@@ -125049,7 +125049,7 @@ CVE-2023-33934 (Improper Input Validation vulnerability in Apache Software Found
CVE-2023-2905 (Due to a failure in validating the length of a provided MQTT_CMD_PUBLI ...)
NOT-FOR-US: Cesanta Mongoose
CVE-2023-3223 (A flaw was found in undertow. Servlets annotated with @MultipartConfig ...)
- - undertow <unfixed> (bug #1054893)
+ - undertow 2.3.18-1 (bug #1054893)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2209689
NOTE: https://github.com/undertow-io/undertow/pull/1521 (2.3.9.Final)
NOTE: https://github.com/undertow-io/undertow/pull/1523 (backport, 2.2.27.Final)
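Review bot: the fixed version for CVE-2023-3223 is set to 2.3.18-1, while the NOTE lines in the same entry place the upstream fix at 2.3.9.Final. If unstable ever carried an upload at or above 2.3.9 before 2.3.18-1, the entry should name that earlier version, since every version below the one listed is treated as vulnerable. If 2.3.18-1 is the first such upload, a short NOTE saying so would explain the gap.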
@@ -139210,7 +139210,7 @@ CVE-2023-30469 (Cross-site Scripting vulnerability in Hitachi Ops Center Analyze
CVE-2023-30468
RESERVED
CVE-2023-1973 (A flaw was found in Undertow package. Using the FormAuthenticationMech ...)
- - undertow <unfixed> (bug #1068815)
+ - undertow 2.3.18-1 (bug #1068815)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2185662
CVE-2023-30467 (This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS- ...)
NOT-FOR-US: Milesight
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f80d83eb13607e1e85d9c86333ed3ee6ab298687