Update to upstream version 9.4.11. Fixes CVE-2017-7656, CVE-2017-7657, CVE-2017-7658.
sudo dnf upgrade --advisory=FEDORA-2018-48b73ed393
| submitted | a year ago |
| in testing | a year ago |
| in stable | a year ago |
| modified | a year ago |
| 0 | 0 | #1595620 CVE-2017-7657 jetty: HTTP request smuggling |
| 0 | 0 | #1595621 CVE-2017-7658 jetty: Incorrect header handling |
| 0 | 0 | #1595622 CVE-2017-7656 CVE-2017-7657 CVE-2017-7658 jetty: various flaws [fedora-all] |
| 0 | 0 | #1595639 CVE-2017-7656 jetty: HTTP request smuggling using the range header |
| 0 | 0 | #1597418 CVE-2018-12536 jetty: full server path revealed when using the default Error Handling |
| 0 | 0 | #1597419 CVE-2018-12536 jetty: full server path revealed when using the default Error Handling [fedora-all] |
msimacek
This update has been submitted for testing by msimacek.
This update has been pushed to testing.
Hallo @msimacek, in the Jetty CVE-announcement there are two more CVEs:
I looked at upstream's git and CVE-2018-12536 was only fixed in jetty-9.4.11.v20180605 for the 9.4.x branch. So Fedora 27 and 28 are affected by it and this update fixes it. I don't know why security team did not report CVE-2018-12536
Ah, my bad, they reported it, but I somehow missed the bug due to the low priority. Will add it now
msimacek edited this update.
EZ, thanks for the clarification and for taking care! best
works for me
Works for me. No regressions noted compared to previous version.
This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes
This update has been submitted for batched by msimacek.
This update has been submitted for stable by bodhi.
This update has been pushed to stable.