Author: carnil
Date: 2015-05-19 15:41:12 +0000 (Tue, 19 May 2015)
New Revision: 34343

Modified:
   data/CVE/list
Log:
Add CVE-2014-7810/tomcat{6,7,8}, left TODO item for now

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2015-05-19 15:38:21 UTC (rev 34342)
+++ data/CVE/list       2015-05-19 15:41:12 UTC (rev 34343)
@@ -16581,8 +16581,15 @@
        NOT-FOR-US: Red Hat Satellite / Spacewalk
 CVE-2014-7811 (Multiple cross-site scripting (XSS) vulnerabilities in 
Spacewalk and ...)
        NOT-FOR-US: Red Hat Satellite / Spacewalk
-CVE-2014-7810
+CVE-2014-7810 [security manager bypass via EL expressions]
        RESERVED
+       - tomcat6 6.0.41-3
+       NOTE: Marked as fixed in 6.0.41-3 which only builds the 
libservlet2.5-java and libservlet2.5-java-doc packages
+       - tomcat7 7.0.61-1
+       - tomcat8 8.0.21-2
+       NOTE: http://svn.apache.org/viewvc?view=revision&revision=1644019
+       NOTE: http://svn.apache.org/viewvc?view=revision&revision=1645644
+       TODO: check
 CVE-2014-7809 (Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses 
predictable ...)
        - libstruts1.2-java <not-affected> (Struts 2.0.0 through to Struts 
2.3.16.3)
 CVE-2014-7808
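
Review bot: The "TODO: check" closing the CVE-2014-7810 entry does not say what still has to be verified, so the next person cannot tell whether it refers to the fixed versions given for tomcat6/7/8, the two upstream revisions, or something else. Suggest stating the open question on the TODO line itself. Also consider annotating each svn.apache.org NOTE with the branch it applies to, since three source packages are listed against only two revisions, and the tomcat6 NOTE already shows that the packages differ in what they build.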


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
