On 02.09.20 10:16, Rathore, Rajendra wrote: > Please let me know whether CVE-2020-8022 applicable to tomcat 8.5.57 or not, > if yes please let me know which release we fixing it.
The CVE states: "A Incorrect Default Permissions vulnerability in the *packaging of tomcat* on SUSE Enterprise Storage 5" i.e. it's rather SUSE's packaging than tomcat itself. Correct me if I'm wrong. If you're running any SUSE system, here are the releases that *they* fixed it: https://www.suse.com/de-de/security/cve/CVE-2020-8022/ I don't expect any update from the generic Apache distribution of Tomcat for this CVE, unless I've missed some information that was well hidden in the multitude of mentioned SUSE products in that report. Olaf --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
