[Secure-testing-commits] r34343 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue May 19 15:41:13 UTC 2015
Author: carnil
Date: 2015-05-19 15:41:12 +0000 (Tue, 19 May 2015)
New Revision: 34343
Modified:
data/CVE/list
Log:
Add CVE-2014-7810/tomcat{6,7,8}, left TODO item for now
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-05-19 15:38:21 UTC (rev 34342)
+++ data/CVE/list 2015-05-19 15:41:12 UTC (rev 34343)
@@ -16581,8 +16581,15 @@
NOT-FOR-US: Red Hat Satellite / Spacewalk
CVE-2014-7811 (Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and ...)
NOT-FOR-US: Red Hat Satellite / Spacewalk
-CVE-2014-7810
+CVE-2014-7810 [security manager bypass via EL expressions]
RESERVED
+ - tomcat6 6.0.41-3
+ NOTE: Marked as fixed in 6.0.41-3 which only builds the libservlet2.5-java and libservlet2.5-java-doc packages
+ - tomcat7 7.0.61-1
+ - tomcat8 8.0.21-2
+ NOTE: http://svn.apache.org/viewvc?view=revision&revision=1644019
+ NOTE: http://svn.apache.org/viewvc?view=revision&revision=1645644
+ TODO: check
CVE-2014-7809 (Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable ...)
- libstruts1.2-java <not-affected> (Struts 2.0.0 through to Struts 2.3.16.3)
CVE-2014-7808
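Review bot: The `TODO: check` line that closes the new CVE-2014-7810 entry does not say what remains to be verified, so the next person to pick it up cannot tell whether the open question is the fixed versions recorded for tomcat7 (7.0.61-1) and tomcat8 (8.0.21-2), the tomcat6 status, or the upstream references. Suggest spelling out the open item in the TODO text. The two svn.apache.org NOTE lines also give bare revision links without saying which Tomcat branch each revision applies to; a short suffix on each line would make the mapping to the three source packages clear. The tomcat6 NOTE explaining that 6.0.41-3 only builds libservlet2.5-java and libservlet2.5-java-doc is useful context and sits well directly under the tomcat6 line.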