[Git][security-tracker-team/security-tracker][master] new jetty issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Mar 6 07:20:02 GMT 2026 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
54153015 by Moritz Muehlenhoff at 2026-03-06T08:19:37+01:00
new jetty issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -125,7 +125,8 @@ CVE-2026-21621 (Incorrect Authorization vulnerability in hexpm hexpm/hexpm ('Eli
 CVE-2026-1720 (The WowOptin: Next-Gen Popup Maker \u2013 Create Stunning Popups and O ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-1605 (In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5, class Gzi ...)
-	TODO: check
+	- jetty12 12.0.32-1
+	NOTE: https://github.com/jetty/jetty.project/security/advisories/GHSA-xxh7-fcf3-rj7f
 CVE-2025-7375 (A denial-of-service (DoS) vulnerability was identified in Omada EAP610 ...)
 	NOT-FOR-US: TPLink
 CVE-2025-70616 (A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnB ...)
@@ -154,7 +155,10 @@ CVE-2025-13350 (Ubuntu Linux 6.8 GA retains the legacy AF_UNIX garbage collector
 	- linux <not-affected> (Ubuntu-specific backport issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/03/05/7
 CVE-2025-11143 (The Jetty URI parser has some key differences to other common parsers  ...)
-	TODO: check
+	- jetty12 12.0.32-1
+	- jetty9 <unfixed>
+	- jetty <removed>
+	NOTE: https://github.com/jetty/jetty.project/security/advisories/GHSA-wjpw-4j6x-6rwh
 CVE-2024-43035 (Fonoster 0.5.5 before 0.6.1 allows ../ directory traversal to read arb ...)
 	TODO: check
 CVE-2026-3523 (The Apocalypse Meow plugin for WordPress is vulnerable to SQL Injectio ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/541530158fa94ca4fca6926644970b40ac7356fd

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/541530158fa94ca4fca6926644970b40ac7356fd
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260306/9000e7fa/attachment.htm>

More information about the debian-security-tracker-commits mailing list