Author: opal Date: 2017-08-19 08:05:47 +0000 (Sat, 19 Aug 2017) New Revision: 54869
Modified: data/CVE/list Log: Not vulnerable. Modified: data/CVE/list =================================================================== --- data/CVE/list 2017-08-19 07:58:39 UTC (rev 54868) +++ data/CVE/list 2017-08-19 08:05:47 UTC (rev 54869) @@ -15145,14 +15145,12 @@ - tomcat8 8.5.16-1 - tomcat7 7.0.72-3 [jessie] - tomcat7 <postponed> (Can be fixed along in a future update) + [wheezy] - tomcat7 <not-affected> (Vulnerable code not present) NOTE: NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API NOTE: Fixed by: http://svn.apache.org/r1795814 (8.5.x) NOTE: Fixed by: http://svn.apache.org/r1795815 (8.0.x) NOTE: Fixed by: http://svn.apache.org/r1795816 (7.0.x) NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=61101 - NOTE: For wheezy it is not clear whether the vulnerability is there or not. The source - NOTE: do not contain the modified file but no other file set the Vary header either. - NOTE: Further triaging is needed for wheezy. CVE-2017-7673 (Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, ...) NOT-FOR-US: Apache OpenMeetings CVE-2017-7672 (If an application allows enter an URL in a form field and built-in ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits