[Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for a couple of tomcat9 issues

Mon, 24 Feb 2020 21:38:58 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2f360458 by Salvatore Bonaccorso at 2020-02-25T06:37:59+01:00
Track fixed version via unstable for a couple of tomcat9 issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18177,7 +18177,7 @@ CVE-2020-1939
        RESERVED
 CVE-2020-1938 [Tomcat AJP local file inclusion]
        RESERVED
-       - tomcat9 <unfixed> (bug #952437)
+       - tomcat9 9.0.31-1 (bug #952437)
        - tomcat8 <removed> (bug #952438)
        - tomcat7 <removed> (bug #952436)
        NOTE: AJP disabled in Debian in default configuration since 2008
@@ -18204,7 +18204,7 @@ CVE-2020-1936
        RESERVED
 CVE-2020-1935
        RESERVED
-       - tomcat9 <unfixed>
+       - tomcat9 9.0.31-1
        - tomcat8 <removed>
        - tomcat7 <removed>
        NOTE: 
https://github.com/apache/tomcat/commit/8bfb0ff7f25fe7555a5eb2f7984f73546c11aa26
 (9.0.31)
@@ -26927,7 +26927,7 @@ CVE-2019-17570 (An untrusted deserialization was found 
in the org.apache.xmlrpc.
        NOTE: https://github.com/orangecertcc/xmlrpc-common-deserialization
 CVE-2019-17569
        RESERVED
-       - tomcat9 <unfixed>
+       - tomcat9 9.0.31-1
        - tomcat8 <removed>
        - tomcat7 <removed>
        NOTE: 
https://github.com/apache/tomcat/commit/060ecc5eb839208687b7fcc9e35287ac8eb46998
 (9.0.31)
@@ -26945,7 +26945,7 @@ CVE-2019-17564
        RESERVED
 CVE-2019-17563 (When using FORM authentication with Apache Tomcat 9.0.0.M1 to 
9.0.29,  ...)
        {DSA-4596-1 DLA-2077-1}
-       - tomcat9 <unfixed>
+       - tomcat9 9.0.31-1
        - tomcat8 <removed>
        - tomcat7 <removed>
        NOTE: 
https://github.com/apache/tomcat/commit/1ecba14e690cf5f3f143eef6ae7037a6d3c16652
 (9.0.30)
@@ -43609,7 +43609,7 @@ CVE-2019-12419 (Apache CXF before 3.3.4 and 3.2.11 
provides all of the component
        NOT-FOR-US: Apache CFX
 CVE-2019-12418 (When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 
and 7.0. ...)
        {DSA-4596-1 DLA-2077-1}
-       - tomcat9 <unfixed>
+       - tomcat9 9.0.31-1
        - tomcat8 <removed>
        - tomcat7 <removed>
        NOTE: 
https://github.com/apache/tomcat/commit/1fc9f589dbdd8295cf313b2667ab041c425f99c3
 (9.0.29)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f360458fde97267147408b955e0595127da0350

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2f360458fde97267147408b955e0595127da0350
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to