Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
96da5ee1 by Salvatore Bonaccorso at 2021-08-11T08:54:41+02:00
Add note on tomcat9 regresssion for CVE-2021-30640
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -18258,6 +18258,8 @@ CVE-2021-30640 (A vulnerability in the JNDI Realm of
Apache Tomcat allows an att
NOTE:
https://github.com/apache/tomcat/commit/d3407672774e372fae8b5898d55f85d16f22b972
(8.5.66)
NOTE:
https://github.com/apache/tomcat/commit/6a9129ac9bd06555ce04bb564a76fc3987311f38
(8.5.66)
NOTE:
https://github.com/apache/tomcat/commit/ad22db641dcd61c2e8078f658fa709897b5da375
(8.5.66)
+ NOTE: Fix for CVE-2021-30640 introduced a regression:
+ NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=65308
CVE-2021-30639 (A vulnerability in Apache Tomcat allows an attacker to
remotely trigge ...)
- tomcat9 <not-affected> (Vulnerable code introduced later in 9.0.44)
- tomcat8 <removed>
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/96da5ee18c0a61f724a75bef3155f2400ada6a85
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/96da5ee18c0a61f724a75bef3155f2400ada6a85
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
