Author: carnil
Date: 2015-05-19 15:41:12 +0000 (Tue, 19 May 2015)
New Revision: 34343
Modified:
data/CVE/list
Log:
Add CVE-2014-7810/tomcat{6,7,8}, left TODO item for now
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-05-19 15:38:21 UTC (rev 34342)
+++ data/CVE/list 2015-05-19 15:41:12 UTC (rev 34343)
@@ -16581,8 +16581,15 @@
NOT-FOR-US: Red Hat Satellite / Spacewalk
CVE-2014-7811 (Multiple cross-site scripting (XSS) vulnerabilities in
Spacewalk and ...)
NOT-FOR-US: Red Hat Satellite / Spacewalk
-CVE-2014-7810
+CVE-2014-7810 [security manager bypass via EL expressions]
RESERVED
+ - tomcat6 6.0.41-3
+ NOTE: Marked as fixed in 6.0.41-3 which only builds the
libservlet2.5-java and libservlet2.5-java-doc packages
+ - tomcat7 7.0.61-1
+ - tomcat8 8.0.21-2
+ NOTE: http://svn.apache.org/viewvc?view=revision&revision=1644019
+ NOTE: http://svn.apache.org/viewvc?view=revision&revision=1645644
+ TODO: check
CVE-2014-7809 (Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses
predictable ...)
- libstruts1.2-java <not-affected> (Struts 2.0.0 through to Struts
2.3.16.3)
CVE-2014-7808
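Review bot: The "TODO: check" closing the new CVE-2014-7810 entry does not say what remains to be verified, so the next person cannot tell whether it refers to the fixed versions listed for tomcat6, tomcat7 and tomcat8 or to the two upstream svn revisions in the NOTE lines. Suggest stating the open question directly, for example "TODO: check whether r1644019 and r1645644 are the complete fix", and adding to each NOTE URL which Tomcat branch that revision belongs to. The tomcat6 NOTE already records that 6.0.41-3 only builds libservlet2.5-java and libservlet2.5-java-doc; if that is the reason for the TODO, say so in the TODO line.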
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits