[Secure-testing-commits] r46218 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Nov 15 19:32:34 UTC 2016
Author: carnil
Date: 2016-11-15 19:32:34 +0000 (Tue, 15 Nov 2016)
New Revision: 46218
Modified:
data/CVE/list
Log:
Update information for CVE-2016-5388
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-11-15 19:32:23 UTC (rev 46217)
+++ data/CVE/list 2016-11-15 19:32:34 UTC (rev 46218)
@@ -12338,12 +12338,17 @@
REJECTED
CVE-2016-5388 (Apache Tomcat through 8.5.4, when the CGI Servlet is enabled, follows ...)
- tomcat9 <itp> (bug #802312)
- - tomcat8 <unfixed> (unimportant)
- - tomcat7 <unfixed> (unimportant)
+ - tomcat8 8.0.37-1 (unimportant)
+ - tomcat7 7.0.72-1 (unimportant)
- tomcat6 6.0.41-3 (unimportant)
NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
NOTE: No part of Tomcat does set HTTP_PROXY based on a Proxy: header, upstream plans
NOTE: some hardening to discard HTTP_PROXY in the future
+ NOTE: This CVE was special since not assigned to a vulnerability but for a mitigation
+ NOTE: thus marking as fixed for 8.0.37 and 7.0.71 (upstream) and with according
+ NOTE: versions in Debian.
+ NOTE: https://svn.apache.org/r1756941 (8.0.x)
+ NOTE: https://svn.apache.org/r1756942 (7.0.x)
CVE-2016-1000111
RESERVED
- twisted <unfixed> (unimportant)
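Review bot: The added NOTE names 7.0.71 as the upstream fix for the 7.0.x branch, while the tomcat7 entry in the same hunk is marked fixed in 7.0.72-1; if the one-version gap is intentional, the NOTE should say why the first fixed Debian version is 7.0.72-1, so the tracker data does not read as inconsistent. The unchanged context NOTE "upstream plans some hardening to discard HTTP_PROXY in the future" is also stale now that the new lines cite r1756941 and r1756942 as that change, and should be reworded or dropped so the entry does not describe the mitigation as both planned and shipped. Minor wording: "with according versions in Debian" would read more clearly as "with the corresponding versions in Debian".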