Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ea9d9367 by Salvatore Bonaccorso at 2026-07-08T09:22:24+02:00
Remove notes from one rejected CVE

Rejected Reason: The Undertow web server enforces a default maximum HTTP
request entity size limit. Any request (including GET or HEAD)
containing a body that exceeds this configurable limit is safely dropped
by the server, preventing single-request Resource Exhaustion (Out of
Memory) Denial of Service attacks.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -69869,8 +69869,6 @@ CVE-2026-3509 (An unauthenticated remote attacker may 
be able to control the for
        NOT-FOR-US: CODESYS
 CVE-2026-3260
        REJECTED
-       - undertow <unfixed> (bug #1134949)
-       NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2443010
 CVE-2026-3225 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress 
is vul ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-3138 (The Product Filter for WooCommerce by WBW plugin for WordPress 
is vuln ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea9d936715e3d7242148d7d1dc4fadb997856980

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea9d936715e3d7242148d7d1dc4fadb997856980
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to