[Secure-testing-commits] r38985 - in data: . CVE DSA

Sun, 17 Jan 2016 07:30:06 -0800 

Author: carnil
Date: 2016-01-17 15:29:36 +0000 (Sun, 17 Jan 2016)
New Revision: 38985

Modified:
   data/CVE/list
   data/DSA/list
   data/dsa-needed.txt
Log:
Reserve DSA number for tomcat7

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-01-17 14:54:12 UTC (rev 38984)
+++ data/CVE/list       2016-01-17 15:29:36 UTC (rev 38985)
@@ -55409,7 +55409,7 @@
        {DLA-232-1}
        - tomcat6 6.0.41-3 (bug #785316)
        - tomcat7 7.0.55-1
-       [jessie] - tomcat7 <no-dsa> (Minor issue)
+       [wheezy] - tomcat7 7.0.28-4+deb7u3
        - tomcat8 8.0.9-1
        NOTE: tomcat6 in jessie only builds the servlet API classes
        NOTE: https://svn.apache.org/viewvc?view=revision&revision=1603781 (7.x)
@@ -55424,6 +55424,7 @@
        NOTE: Fixed in 
https://svn.apache.org/viewvc?view=revision&revision=1603628 (6.x)
        NOTE: Marked as fixed in 6.0.41-3 which only builds the 
libservlet2.5-java and libservlet2.5-java-doc packages
        - tomcat7 7.0.55-1
+       [wheezy] - tomcat7 7.0.28-4+deb7u3
        NOTE: Fixed in 
https://svn.apache.org/viewvc?view=revision&revision=1601333 (7.x)
        - tomcat8 8.0.9-1
        NOTE: Fixed in 
https://svn.apache.org/viewvc?view=revision&revision=1600984 (8.x)
@@ -55921,6 +55922,7 @@
 CVE-2014-0099 (Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java 
in ...)
        - tomcat8 8.0.5-1
        - tomcat7 7.0.53-1
+       [wheezy] - tomcat7 7.0.28-4+deb7u3
        - tomcat6 6.0.41-1
        NOTE: http://svn.apache.org/r1578814
 CVE-2014-0098 (The log_cookie function in mod_log_config.c in the 
mod_log_config ...)
@@ -56016,6 +56018,7 @@
 CVE-2014-0075 (Integer overflow in the parseChunkHeader function in ...)
        - tomcat8 8.0.5-1
        - tomcat7 7.0.53-1
+       [wheezy] - tomcat7 7.0.28-4+deb7u3
        - tomcat6 6.0.41-1
 CVE-2014-0074 (Apache Shiro 1.x before 1.2.3, when using an LDAP server with 
...)
        NOT-FOR-US: Apache Shiro
@@ -62686,6 +62689,7 @@
        NOT-FOR-US: Context Drupal contributed module
 CVE-2013-4444 (Unrestricted file upload vulnerability in Apache Tomcat 7.x 
before ...)
        - tomcat7 7.0.40-1
+       [wheezy] - tomcat7 7.0.28-4+deb7u3
        NOTE: https://svn.apache.org/viewvc?view=revision&revision=1470435
 CVE-2013-4443
        REJECTED

Modified: data/DSA/list
===================================================================
--- data/DSA/list       2016-01-17 14:54:12 UTC (rev 38984)
+++ data/DSA/list       2016-01-17 15:29:36 UTC (rev 38985)
@@ -1,3 +1,7 @@
+[17 Jan 2016] DSA-3447-1 tomcat7 - security update
+       {CVE-2014-7810}
+       [wheezy] - tomcat7 7.0.28-4+deb7u3
+       [jessie] - tomcat7 7.0.56-3+deb8u1
 [14 Jan 2016] DSA-3431-2 ganeti - regression update
        [wheezy] - ganeti 2.5.2-1+deb7u2
        [jessie] - ganeti 2.12.4-1+deb8u3

Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt 2016-01-17 14:54:12 UTC (rev 38984)
+++ data/dsa-needed.txt 2016-01-17 15:29:36 UTC (rev 38985)
@@ -76,8 +76,5 @@
 --
 tomcat6
 --
-tomcat7
-  Maintainer prepared update for jessie-security. wheezy-security pending/wip
---
 wireshark
 --


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to