Abhijith PA pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4653e519 by Abhijith PA at 2020-03-23T00:25:20+05:30
Backport can be too intrusive. Patch
https://github.com/apache/tomcat/commit/8fbe2e9·tries·to·modify
usage·of·a·function·ApplicationBufferHandler·in CR & LF checks
in Http11InputBuffer.java. Backporting this need lot of another
patches. Another is renaming·of·an·API·from
rejectIllegalHeaderName·to·rejectIllegalHeader. This one looks
unnecessary and not related to CVE-2020-1935.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -21655,6 +21655,7 @@ CVE-2020-1935 (In Apache Tomcat 9.0.0.M1 to 9.0.30,
8.5.0 to 8.5.50 and 7.0.0 to
{DLA-2133-1}
- tomcat9 9.0.31-1
- tomcat8 <removed>
+ [jessie] - tomcat8 <no-dsa> (backport is too intrusive)
- tomcat7 <removed>
NOTE:
https://github.com/apache/tomcat/commit/8bfb0ff7f25fe7555a5eb2f7984f73546c11aa26
(9.0.31)
NOTE:
https://github.com/apache/tomcat/commit/8fbe2e962f0ea138d92361921643fe5abe0c4f56
(8.5.51)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4653e5191e7942ce96a4efc222ca205d1196f86c
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4653e5191e7942ce96a4efc222ca205d1196f86c
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
