On 02/09/2020 09:28, Olaf Kock wrote: > > On 02.09.20 10:16, Rathore, Rajendra wrote: >> Please let me know whether CVE-2020-8022 applicable to tomcat 8.5.57 or not, >> if yes please let me know which release we fixing it. > > > The CVE states: > > "A Incorrect Default Permissions vulnerability in the *packaging of > tomcat* on SUSE Enterprise Storage 5" > > i.e. it's rather SUSE's packaging than tomcat itself. Correct me if I'm > wrong. > > If you're running any SUSE system, here are the releases that *they* > fixed it: https://www.suse.com/de-de/security/cve/CVE-2020-8022/ > > I don't expect any update from the generic Apache distribution of Tomcat > for this CVE, unless I've missed some information that was well hidden > in the multitude of mentioned SUSE products in that report.
Correct. This is a SUSE issue, not a Tomcat issue. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org