Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ea9d9367 by Salvatore Bonaccorso at 2026-07-08T09:22:24+02:00
Remove notes from one rejected CVE
Rejected Reason: The Undertow web server enforces a default maximum HTTP
request entity size limit. Any request (including GET or HEAD)
containing a body that exceeds this configurable limit is safely dropped
by the server, preventing single-request Resource Exhaustion (Out of
Memory) Denial of Service attacks.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -69869,8 +69869,6 @@ CVE-2026-3509 (An unauthenticated remote attacker may
be able to control the for
NOT-FOR-US: CODESYS
CVE-2026-3260
REJECTED
- - undertow <unfixed> (bug #1134949)
- NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2443010
CVE-2026-3225 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress
is vul ...)
NOT-FOR-US: WordPress plugin
CVE-2026-3138 (The Product Filter for WooCommerce by WBW plugin for WordPress
is vuln ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea9d936715e3d7242148d7d1dc4fadb997856980
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea9d936715e3d7242148d7d1dc4fadb997856980
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits