[Secure-testing-commits] r38985 - in data: . CVE DSA

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sun Jan 17 15:29:36 UTC 2016


Author: carnil
Date: 2016-01-17 15:29:36 +0000 (Sun, 17 Jan 2016)
New Revision: 38985

Modified:
   data/CVE/list
   data/DSA/list
   data/dsa-needed.txt
Log:
Reserve DSA number for tomcat7

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-01-17 14:54:12 UTC (rev 38984)
+++ data/CVE/list	2016-01-17 15:29:36 UTC (rev 38985)
@@ -55409,7 +55409,7 @@
 	{DLA-232-1}
 	- tomcat6 6.0.41-3 (bug #785316)
 	- tomcat7 7.0.55-1
-	[jessie] - tomcat7 <no-dsa> (Minor issue)
+	[wheezy] - tomcat7 7.0.28-4+deb7u3
 	- tomcat8 8.0.9-1
 	NOTE: tomcat6 in jessie only builds the servlet API classes
 	NOTE: https://svn.apache.org/viewvc?view=revision&revision=1603781 (7.x)
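Review bot: The replaced line in this hunk changes two things at once, the release tag (`[jessie]` to `[wheezy]`) and the status (`<no-dsa> (Minor issue)` to the fixed version 7.0.28-4+deb7u3), and the log message "Reserve DSA number for tomcat7" explains neither. The jessie version recorded in data/DSA/list in this same revision (7.0.56-3+deb8u1) is later than the 7.0.55-1 fix on the line above, which suggests the old tag was meant for wheezy. If so, say in the log that a mislabelled release tag is being corrected, so the dropped `<no-dsa>` decision does not look like an accidental deletion.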
@@ -55424,6 +55424,7 @@
 	NOTE: Fixed in https://svn.apache.org/viewvc?view=revision&revision=1603628 (6.x)
 	NOTE: Marked as fixed in 6.0.41-3 which only builds the libservlet2.5-java and libservlet2.5-java-doc packages
 	- tomcat7 7.0.55-1
+	[wheezy] - tomcat7 7.0.28-4+deb7u3
 	NOTE: Fixed in https://svn.apache.org/viewvc?view=revision&revision=1601333 (7.x)
 	- tomcat8 8.0.9-1
 	NOTE: Fixed in https://svn.apache.org/viewvc?view=revision&revision=1600984 (8.x)
@@ -55921,6 +55922,7 @@
 CVE-2014-0099 (Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in ...)
 	- tomcat8 8.0.5-1
 	- tomcat7 7.0.53-1
+	[wheezy] - tomcat7 7.0.28-4+deb7u3
 	- tomcat6 6.0.41-1
 	NOTE: http://svn.apache.org/r1578814
 CVE-2014-0098 (The log_cookie function in mod_log_config.c in the mod_log_config ...)
@@ -56016,6 +56018,7 @@
 CVE-2014-0075 (Integer overflow in the parseChunkHeader function in ...)
 	- tomcat8 8.0.5-1
 	- tomcat7 7.0.53-1
+	[wheezy] - tomcat7 7.0.28-4+deb7u3
 	- tomcat6 6.0.41-1
 CVE-2014-0074 (Apache Shiro 1.x before 1.2.3, when using an LDAP server with ...)
 	NOT-FOR-US: Apache Shiro
@@ -62686,6 +62689,7 @@
 	NOT-FOR-US: Context Drupal contributed module
 CVE-2013-4444 (Unrestricted file upload vulnerability in Apache Tomcat 7.x before ...)
 	- tomcat7 7.0.40-1
+	[wheezy] - tomcat7 7.0.28-4+deb7u3
 	NOTE: https://svn.apache.org/viewvc?view=revision&revision=1470435
 CVE-2013-4443
 	REJECTED

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2016-01-17 14:54:12 UTC (rev 38984)
+++ data/DSA/list	2016-01-17 15:29:36 UTC (rev 38985)
@@ -1,3 +1,7 @@
+[17 Jan 2016] DSA-3447-1 tomcat7 - security update
+	{CVE-2014-7810}
+	[wheezy] - tomcat7 7.0.28-4+deb7u3
+	[jessie] - tomcat7 7.0.56-3+deb8u1
 [14 Jan 2016] DSA-3431-2 ganeti - regression update
 	[wheezy] - ganeti 2.5.2-1+deb7u2
 	[jessie] - ganeti 2.12.4-1+deb8u3
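Review bot: The CVE set on the new DSA-3447-1 entry is `{CVE-2014-7810}` only, while this same revision records 7.0.28-4+deb7u3 as the wheezy fix for CVE-2014-0099, CVE-2014-0075 and CVE-2013-4444, plus two entries in data/CVE/list whose ids fall outside the hunk context. If those are fixed by the same wheezy upload, add them to the braces so the advisory and the per-CVE records agree, or note in the log that the list will be completed when the DSA is released.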

Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt	2016-01-17 14:54:12 UTC (rev 38984)
+++ data/dsa-needed.txt	2016-01-17 15:29:36 UTC (rev 38985)
@@ -76,8 +76,5 @@
 --
 tomcat6
 --
-tomcat7
-  Maintainer prepared update for jessie-security. wheezy-security pending/wip
---
 wireshark
 --



