RedHat has issued an advisory today (November 23): https://access.redhat.com/errata/RHSA-2020:5168 Upstream advisory: https://github.com/eclipse/jetty.project/security/advisories/GHSA-g3wg-6mcf-8jj6 RedHat bug has link to upstream commit that fixed the issue (needed for jetty8): https://bugzilla.redhat.com/show_bug.cgi?id=1891132 The issue is fixed upstream in 9.4.33 (already in Cauldron).
Depends on: (none) => 27921
SUSE has issued an advisory on December 22: https://lists.suse.com/pipermail/sle-security-updates/2020-December/008114.html The issue is fixed upstream in 9.4.35. Upstream advisory: https://github.com/eclipse/jetty.project/security/advisories/GHSA-86wm-rrjm-8wh8 I don't think this one affects jetty8.
Summary: jetty new security issue CVE-2020-27216 => jetty new security issues CVE-2020-2721[68]
*** Bug 27921 has been marked as a duplicate of this bug. ***
Depends on: 27921 => (none)
Status comment: (none) => Fixed upstream in 9.4.35, jetty8 also needs to be patched
openSUSE has issued an advisory for CVE-2020-27218 today (January 4): https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/V4MZVOK35CIZLLLRF4FF6YZSQWFZO7UA/
Debian-LTS has issued an advisory on May 14: https://www.debian.org/lts/security/2021/dla-2661 These issues were fixed upstream in 9.4.16 and 9.4.17.
Summary: jetty new security issues CVE-2020-2721[68] => jetty new security issues CVE-2019-1024[17] and CVE-2020-2721[68]
Depends on: (none) => 29034
https://blog.mageia.org/en/2021/06/08/mageia-7-will-reach-end-of-support-on-30th-of-june-the-king-is-dead-long-live-the-king/
Resolution: (none) => OLDStatus: NEW => RESOLVED