| Summary: | jetty new security issues CVE-2019-1024[17] and CVE-2020-2721[68] | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | Java Stack Maintainers <java> |
| Status: | RESOLVED OLD | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | ||
| Version: | 7 | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Source RPM: | jetty-9.4.14-1.v20181114.1.mga7.src.rpm, jetty8-8.1.17-6.mga7.src.rpm | CVE: | |
| Status comment: | Fixed upstream in 9.4.35, jetty8 also needs to be patched | ||
| Bug Depends on: | 29034 | ||
| Bug Blocks: | |||
|
Description
David Walser
2020-11-23 16:21:43 CET
David Walser
2020-12-24 16:35:54 CET
Depends on:
(none) =>
27921 SUSE has issued an advisory on December 22: https://lists.suse.com/pipermail/sle-security-updates/2020-December/008114.html The issue is fixed upstream in 9.4.35. Upstream advisory: https://github.com/eclipse/jetty.project/security/advisories/GHSA-86wm-rrjm-8wh8 I don't think this one affects jetty8. Summary:
jetty new security issue CVE-2020-27216 =>
jetty new security issues CVE-2020-2721[68]
David Walser
2020-12-28 19:04:04 CET
Status comment:
(none) =>
Fixed upstream in 9.4.35, jetty8 also needs to be patched openSUSE has issued an advisory for CVE-2020-27218 today (January 4): https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/V4MZVOK35CIZLLLRF4FF6YZSQWFZO7UA/ Debian-LTS has issued an advisory on May 14: https://www.debian.org/lts/security/2021/dla-2661 These issues were fixed upstream in 9.4.16 and 9.4.17. Summary:
jetty new security issues CVE-2020-2721[68] =>
jetty new security issues CVE-2019-1024[17] and CVE-2020-2721[68]
David Walser
2021-05-30 00:19:16 CEST
Depends on:
(none) =>
29034 https://blog.mageia.org/en/2021/06/08/mageia-7-will-reach-end-of-support-on-30th-of-june-the-king-is-dead-long-live-the-king/ Resolution:
(none) =>
OLD |