Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits: b4f06892 by Markus Koschany at 2020-09-14T23:32:24+02:00 Triage CVE-2020-10719,undertow Upstream bug report is not public. The issue was fixed in 2.1.1-1. Most likely fixing commit is https://github.com/undertow-io/undertow/commit/bfc8fbd67f6b3dd96702b363f61cf805baf3c6cf found with diff between version 2.1.0 and 2.1.1. - - - - - d95129a9 by Markus Koschany at 2020-09-14T23:32:25+02:00 Triage CVE-2020-1757,undertow. Fixed in version 2.1.1-1 - - - - - ce7282ce by Markus Koschany at 2020-09-14T23:32:26+02:00 Triage CVE-2020-10705,undertow Fixed in version 2.1.1-1 - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -34816,8 +34816,10 @@ CVE-2020-10720 (A flaw was found in the Linux kernel's implementation of GRO in NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1781204 NOTE: Fixed by: https://git.kernel.org/linus/a4270d6795b0580287453ea55974d948393e66ef CVE-2020-10719 (A flaw was found in Undertow in versions before 2.1.1.Final, regarding ...) - - undertow <unfixed> (bug #969913) + - undertow 2.1.1-1 (bug #969913) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1828459 + NOTE: https://issues.redhat.com/browse/UNDERTOW-1708 (not public) + NOTE: most likely fixed by https://github.com/undertow-io/undertow/commit/bfc8fbd67f6b3dd96702b363f61cf805baf3c6cf CVE-2020-10718 RESERVED - wildfly <itp> (bug #752018) @@ -34865,8 +34867,9 @@ CVE-2020-10707 CVE-2020-10706 (A flaw was found in OpenShift Container Platform where OAuth tokens ar ...) NOT-FOR-US: OpenShift CVE-2020-10705 (A flaw was discovered in Undertow in versions before Undertow 2.1.1.Fi ...) - - undertow <undetermined> + - undertow 2.1.1-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1803241 + NOTE: https://github.com/undertow-io/undertow/commit/b53d4589c586e8bbdcc89ed60f32cd7977e9a4f4 CVE-2020-10704 (A flaw was found when using samba as an Active Directory Domain Contro ...) - samba 2:4.12.3+dfsg-2 (bug #960188) [buster] - samba <postponed> (Can be fixed along in future DSA) @@ -58480,8 +58483,11 @@ CVE-2020-1759 (A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat O CVE-2020-1758 (A flaw was found in Keycloak in versions before 10.0.0, where it does ...) NOT-FOR-US: Keycloak CVE-2020-1757 (A flaw was found in all undertow-2.x.x SP1 versions prior to undertow- ...) - - undertow <unfixed> + - undertow 2.1.1-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1752770 + NOTE: https://issues.redhat.com/browse/UNDERTOW-1464 + NOTE: https://issues.redhat.com/browse/UNDERTOW-1671 + NOTE: https://github.com/undertow-io/undertow/pull/871 CVE-2020-1756 RESERVED CVE-2020-1755 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2e2963c0f4d5b95d9d907546584b6ac812b1c1f7...ce7282ced9156c1cd58c85dccf9c631ea742d4fc -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2e2963c0f4d5b95d9d907546584b6ac812b1c1f7...ce7282ced9156c1cd58c85dccf9c631ea742d4fc You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits