Re: regarding CVE-2020-8022 applicable to tomcat 8.5.57
On 02/09/2020 09:28, Olaf Kock wrote: > > On 02.09.20 10:16, Rathore, Rajendra wrote: >> Please let me know whether CVE-2020-8022 applicable to tomcat 8.5.57 or not, >> if yes please let me know which release we fixing it. > > > The CVE states: > > "A Incorrect Default Permissions vulnerability in the *packaging of > tomcat* on SUSE Enterprise Storage 5" > > i.e. it's rather SUSE's packaging than tomcat itself. Correct me if I'm > wrong. > > If you're running any SUSE system, here are the releases that *they* > fixed it: https://www.suse.com/de-de/security/cve/CVE-2020-8022/ > > I don't expect any update from the generic Apache distribution of Tomcat > for this CVE, unless I've missed some information that was well hidden > in the multitude of mentioned SUSE products in that report. Correct. This is a SUSE issue, not a Tomcat issue. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: regarding CVE-2020-8022 applicable to tomcat 8.5.57
On 02.09.20 10:16, Rathore, Rajendra wrote: > Please let me know whether CVE-2020-8022 applicable to tomcat 8.5.57 or not, > if yes please let me know which release we fixing it. The CVE states: "A Incorrect Default Permissions vulnerability in the *packaging of tomcat* on SUSE Enterprise Storage 5" i.e. it's rather SUSE's packaging than tomcat itself. Correct me if I'm wrong. If you're running any SUSE system, here are the releases that *they* fixed it: https://www.suse.com/de-de/security/cve/CVE-2020-8022/ I don't expect any update from the generic Apache distribution of Tomcat for this CVE, unless I've missed some information that was well hidden in the multitude of mentioned SUSE products in that report. Olaf - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
regarding CVE-2020-8022 applicable to tomcat 8.5.57
Hi Team, Please let me know whether CVE-2020-8022 applicable to tomcat 8.5.57 or not, if yes please let me know which release we fixing it. Thanks and Regards, Rajendra Rathore 9922701491