Hello @msimacek,
in the Jetty CVE-announcement there are two more CVEs:
https://dev.eclipse.org/mhonarc/lists/jetty-dev/msg03191.html
- CVE-2018-12536
- CVE-2018-12538
and I understand that Fedora 28 isn't affected by CVE-2018-12538 because of the version used before. But can you confirm that Fedora 27 and 28 are not affected by CVE-2018-12536?
Versions affected:
EOL releases - 9.2.x and older (all configurations)
9.3.x (all configurations)
9.4.x (all configurations)
Thanks
I looked at upstream's git and CVE-2018-12536 was only fixed in jetty-9.4.11.v20180605 for the 9.4.x branch. So Fedora 27 and 28 are affected by it and this update fixes it. I don't know why the security team did not report CVE-2018-12536.
This update has been submitted for testing by msimacek.
This update has been pushed to testing.
Ah, my bad, they reported it, but I somehow missed the bug due to the low priority. Will add it now.
msimacek edited this update.
EZ, thanks for the clarification and for taking care! best
works for me
Works for me. No regressions noted compared to previous version.
This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes
This update has been submitted for batched by msimacek.
This update has been submitted for stable by bodhi.
This update has been pushed to stable.