Author: opal
Date: 2017-08-19 08:05:47 +0000 (Sat, 19 Aug 2017)
New Revision: 54869
Modified:
data/CVE/list
Log:
Not vulnerable.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-08-19 07:58:39 UTC (rev 54868)
+++ data/CVE/list 2017-08-19 08:05:47 UTC (rev 54869)
@@ -15145,14 +15145,12 @@
- tomcat8 8.5.16-1
- tomcat7 7.0.72-3
[jessie] - tomcat7 <postponed> (Can be fixed along in a future update)
+ [wheezy] - tomcat7 <not-affected> (Vulnerable code not present)
NOTE: NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
NOTE: Fixed by: http://svn.apache.org/r1795814 (8.5.x)
NOTE: Fixed by: http://svn.apache.org/r1795815 (8.0.x)
NOTE: Fixed by: http://svn.apache.org/r1795816 (7.0.x)
NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=61101
- NOTE: For wheezy it is not clear whether the vulnerability is there or
not. The source
- NOTE: do not contain the modified file but no other file set the Vary
header either.
- NOTE: Further triaging is needed for wheezy.
CVE-2017-7673 (Apache OpenMeetings 1.0.0 uses not very strong cryptographic
storage, ...)
NOT-FOR-US: Apache OpenMeetings
CVE-2017-7672 (If an application allows enter an URL in a form field and
built-in ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
