Fedora has issued an advisory today (December 9):
The issue is fixed upstream in 3.12.0, but they patched 3.0.26.
Mageia 7 is also affected.
Assigning to DavidG as having done the last significant update to this.
CC'ing NicolasL as listed historically for the SRPM, in case!
Fixed for Cauldron.
Updated resteasy packages fix security vulnerability:
A flaw was found in Resteasy, where an improper input validation results in
returning an illegal header that integrates into the server's response. This
flaw may result in an injection, which leads to unexpected behavior when the
HTTP response is constructed (CVE-2020-1695).
Updated packages in core/updates_testing:
After reading about previous resteasy updates in bug 13870 and bug 19718, I saw that a clean install was deemed sufficient as a test, so...
I installed resteasy from the repos. This drew in 119 dependencies, including all of the above packages except for resteasy-javadoc, so I followed up by installing that, too.
I then used QA Repo to download the 7 packages from Comment 3, and updated them using MCC. There were no installation issues, so I am giving this an OK, and validating. Advisory in Comment 3.
Advisory pushed to SVN.
An update for this issue has been pushed to the Mageia Updates repository.