[Secure-testing-commits] r46384 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Nov 21 16:17:57 UTC 2016
Author: carnil
Date: 2016-11-21 16:17:56 +0000 (Mon, 21 Nov 2016)
New Revision: 46384
Modified:
data/CVE/list
Log:
Add tomcat without CVE which will be fixed in DSA
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-11-21 15:30:48 UTC (rev 46383)
+++ data/CVE/list 2016-11-21 16:17:56 UTC (rev 46384)
@@ -1,3 +1,11 @@
+CVE-2016-XXXX [TOCTOU race condition in initscript on chown'ing JVM_TMP temporary directory]
+ - tomcat8 8.0.38-1 (bug #840685)
+ [jessie] - tomcat8 8.0.14-1+deb8u4
+ - tomcat7 7.0.72-3 (bug #841655)
+ [jessie] - tomcat7 7.0.56-3+deb8u5
+ NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
+ - tomcat6 6.0.41-3
+ NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
CVE-2016-XXXX [Better check for bufferoverflow for TIFF handling]
- imagemagick <unfixed> (bug #845202)
TODO: check
More information about the Secure-testing-commits
mailing list