Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker
Commits: 9656ff94 by Abhijith PA at 2020-03-20T12:05:47+05:30 Regression is on the usage of lately introduced class called TokenList(which is more of a parser module) in transfer-encoding parsing. https://github.com/apache/tomcat/commit/8b2d892e6544beb33b61ebbe850bd44c1402a882#diff-a0b19250cb9e355364c476929e385e6f https://bz.apache.org/bugzilla/show_bug.cgi?id=63864 - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -30160,6 +30160,7 @@ CVE-2019-17569 (The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.4 - tomcat9 9.0.31-1 - tomcat8 <removed> - tomcat7 <removed> + [jessie] - tomcat8 <not-affected> (vulnerable code introduced in later version) NOTE: https://github.com/apache/tomcat/commit/060ecc5eb839208687b7fcc9e35287ac8eb46998 (9.0.31) NOTE: https://github.com/apache/tomcat/commit/959f1dfd767bf3cb64776b44f7395d1d8d8f7ab3 (8.5.51) NOTE: https://github.com/apache/tomcat/commit/b191a0d9cf06f4e04257c221bfe41d2b108a9cc8 (7.0.100) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9656ff944063c97721250e5f0126266452353390 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9656ff944063c97721250e5f0126266452353390 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
