[Secure-testing-commits] r32127 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Feb 10 06:10:41 UTC 2015
Author: carnil
Date: 2015-02-10 06:10:41 +0000 (Tue, 10 Feb 2015)
New Revision: 32127
Modified:
data/CVE/list
Log:
Mark version in unstable as fixed, add TODO back to double check CVE-2014-0227
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-02-10 06:05:09 UTC (rev 32126)
+++ data/CVE/list 2015-02-10 06:10:41 UTC (rev 32127)
@@ -29107,13 +29107,15 @@
NOT-FOR-US: Apache Hive
CVE-2014-0227 [Request Smuggling]
RESERVED
- - tomcat6 <unfixed>
+ - tomcat6 6.0.41-3
NOTE: Fixed in https://svn.apache.org/viewvc?view=revision&revision=1603628 (6.x)
+ NOTE: Marked as fixed in 6.0.41-3 which only builds the libservlet2.5-java and libservlet2.5-java-doc packages
- tomcat7 7.0.55-1
NOTE: Fixed in https://svn.apache.org/viewvc?view=revision&revision=1601333 (7.x)
- tomcat8 8.0.9-1
NOTE: Fixed in https://svn.apache.org/viewvc?view=revision&revision=1600984 (8.x)
NOTE: Fixed in https://svn.apache.org/viewvc?view=revision&revision=1601332 (8.x)
+ TODO: check
CVE-2014-0226 (Race condition in the mod_status module in the Apache HTTP Server ...)
{DSA-2989-1 DLA-66-1}
- apache2 2.4.10-1
More information about the Secure-testing-commits
mailing list