[Git][security-tracker-team/security-tracker][master] new jetty issues
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri May 9 09:21:42 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
15dc33c0 by Moritz Muehlenhoff at 2025-05-09T10:21:26+02:00
new jetty issues
- - - - -
2 changed files:
- data/CVE/list
- data/DSA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -97,7 +97,11 @@ CVE-2025-28073 (phpList 3.6.3 is vulnerable to Reflected Cross-Site Scripting (X
CVE-2025-27695 (Dell Wyse Management Suite, versions prior to WMS 5.1 contain an Authe ...)
NOT-FOR-US: Dell / EMC
CVE-2025-1948 (In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client ...)
- TODO: check
+ - jetty12 12.0.17-1
+ - jetty9 <not-affected> (Only affects 12.x)
+ - jetty <not-affected> (Only affects 12.x)
+ NOTE: https://github.com/jetty/jetty.project/security/advisories/GHSA-889j-63jv-qhr8
+ NOTE: https://github.com/jetty/jetty.project/issues/12690
CVE-2025-1254 (Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext P ...)
NOT-FOR-US: RTI Connext Professional (Core Libraries)
CVE-2025-1253 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...)
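Review bot: The CVE-2025-1948 entry has no NOTE pointing at the upstream fix commit; the two added NOTE lines reference only the advisory and the issue. The fixed version "jetty12 12.0.17-1" therefore rests on the "12.0.0 to 12.0.16 included" range in the description alone. Consider adding a NOTE with the fixing commit so that version and the "Only affects 12.x" markers on jetty9 and jetty can be checked against the code.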
@@ -113,7 +117,11 @@ CVE-2024-8100 (On affected versions of the Arista CloudVision Portal (CVP on-pre
CVE-2024-6648 (Absolute Path Traversal vulnerability in AP Page Builder versions prio ...)
NOT-FOR-US: AP Page Builder
CVE-2024-13009 (In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly ...)
- TODO: check
+ - jetty12 <not-affected> (Only affects 9.x)
+ - jetty9 9.4.57-1
+ - jetty <not-affected> (Only affects 9.x)
+ NOTE: https://github.com/jetty/jetty.project/security/advisories/GHSA-q4rv-gq96-w7c5
+ NOTE: https://gitlab.eclipse.org/security/cve-assignement/-/issues/48
CVE-2024-12378 (On affected platforms running Arista EOS with secure Vxlan configured, ...)
NOT-FOR-US: Arista Networks
CVE-2024-11186 (On affected versions of the CloudVision Portal, improper access contro ...)
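Review bot: The not-affected reason on the jetty12 and jetty lines for CVE-2024-13009 reads "Only affects 9.x", while the description gives the affected range as 9.4.0 to 9.4.56; "Only affects 9.4.x" would match it more precisely. The second NOTE links the CVE assignment issue rather than a code change, so a NOTE with the upstream fix commit would make the "jetty9 9.4.57-1" version verifiable.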
=====================================
data/DSA/list
=====================================
@@ -68,7 +68,7 @@
{CVE-2025-31115}
[bookworm] - xz-utils 5.4.1-1
[05 Apr 2025] DSA-5894-1 jetty9 - security update
- {CVE-2024-6762 CVE-2024-8184 CVE-2024-9823}
+ {CVE-2024-6762 CVE-2024-8184 CVE-2024-9823 CVE-2024-13009}
[bookworm] - jetty9 9.4.57-0+deb12u1
[05 Apr 2025] DSA-5893-1 tomcat10 - security update
{CVE-2025-24813}
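Review bot: The commit subject "new jetty issues" does not mention that the CVE list of DSA-5894-1, an advisory dated 05 Apr 2025, is amended after the fact. Stating the DSA change in the commit message would make it easier to find later. The addition itself is consistent with the visible data: the bookworm version 9.4.57-0+deb12u1 is past the 9.4.0 to 9.4.56 range given for CVE-2024-13009 in data/CVE/list.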
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/15dc33c0f7a720f039a974fcd818b94de29b3a36