Author: carnil Date: 2015-05-19 15:41:12 +0000 (Tue, 19 May 2015) New Revision: 34343
Modified: data/CVE/list Log: Add CVE-2014-7810/tomcat{6,7,8}, left TODO item for now Modified: data/CVE/list =================================================================== --- data/CVE/list 2015-05-19 15:38:21 UTC (rev 34342) +++ data/CVE/list 2015-05-19 15:41:12 UTC (rev 34343) @@ -16581,8 +16581,15 @@ NOT-FOR-US: Red Hat Satellite / Spacewalk CVE-2014-7811 (Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and ...) NOT-FOR-US: Red Hat Satellite / Spacewalk -CVE-2014-7810 +CVE-2014-7810 [security manager bypass via EL expressions] RESERVED + - tomcat6 6.0.41-3 + NOTE: Marked as fixed in 6.0.41-3 which only builds the libservlet2.5-java and libservlet2.5-java-doc packages + - tomcat7 7.0.61-1 + - tomcat8 8.0.21-2 + NOTE: http://svn.apache.org/viewvc?view=revision&revision=1644019 + NOTE: http://svn.apache.org/viewvc?view=revision&revision=1645644 + TODO: check CVE-2014-7809 (Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable ...) - libstruts1.2-java <not-affected> (Struts 2.0.0 through to Struts 2.3.16.3) CVE-2014-7808 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits