[Secure-testing-commits] r39958 - data/CVE

[Markus Koschany]

Author: apo-guest
Date: 2016-02-26 19:39:16 +0000 (Fri, 26 Feb 2016)
New Revision: 39958

Modified:
   data/CVE/list
Log:
Triage CVE-2015-5346. Mark as minor issue and no-dsa for Tomcat 6

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-02-26 18:43:10 UTC (rev 39957)
+++ data/CVE/list	2016-02-26 19:39:16 UTC (rev 39958)
@@ -16535,8 +16535,15 @@
 	- tomcat9 <itp> (bug #802312)
 	- tomcat8 8.0.30-1
 	- tomcat7 7.0.68-1
-	- tomcat6 <undetermined>
+	- tomcat6 6.0.35-1+squeeze4
+	[squeeze] - tomcat6 <no-dsa> (Minor issue, very unlikely to exploit)
+	[wheezy] - tomcat6 <no-dsa> (Minor issue, very unlikely to exploit)
+	[jessie] - tomcat6 <no-dsa> (Minor issue, very unlikely to exploit)
 	NOTE: Fixed in 7.0.67, 8.0.30, 9.0.0.M3
+	NOTE: Not fixed for Tomcat 6. Request.java is affected.
+	NOTE: https://svn.apache.org/viewvc?view=revision&revision=1713187
+	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1713185
+	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1723506
 CVE-2015-5345 (The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before ...)
 	- tomcat9 <itp> (bug #802312)
 	- tomcat8 8.0.30-1