Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3daa7370 by Salvatore Bonaccorso at 2020-02-25T06:35:18+01:00
Add tracking bugs for CVE-2019-10072
It looks back then when filling the bug we (I) missed to add then back
the reference, even resulting in a doubled bug from me for tomcat9. List
all the related bugs now.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -50235,8 +50235,8 @@ CVE-2019-10074 (An RCE is possible by entering
Freemarker markup in an Apache OF
CVE-2019-10073 (The "Blog", "Forum", "Contact Us" screens of the template
"ecommerce" ...)
NOT-FOR-US: Apache OFBiz
CVE-2019-10072 (The fix for CVE-2019-0199 was incomplete and did not address
HTTP/2 co ...)
- - tomcat9 9.0.22-1 (bug #931131)
- - tomcat8 <removed>
+ - tomcat9 9.0.22-1 (bug #931131; bug #930872)
+ - tomcat8 <removed> (bug #30873)
[stretch] - tomcat8 <not-affected> (Incomplete fix for CVE-2019-0199
not applied)
[jessie] - tomcat8 <not-affected> (HTTP/2 support not implemented)
NOTE:
https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a@%3Cannounce.tomcat.apache.org%3E
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3daa7370cd2344ca43879266de2ce81fb620f119
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3daa7370cd2344ca43879266de2ce81fb620f119
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
