[Secure-testing-commits] r46434 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Nov 22 10:59:04 UTC 2016
Author: carnil
Date: 2016-11-22 10:59:04 +0000 (Tue, 22 Nov 2016)
New Revision: 46434
Modified:
data/CVE/list
Log:
Add new tomcat issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-11-22 10:47:05 UTC (rev 46433)
+++ data/CVE/list 2016-11-22 10:59:04 UTC (rev 46434)
@@ -2089,8 +2089,17 @@
CVE-2016-8736
RESERVED
NOT-FOR-US: Apache OpenMeetings
-CVE-2016-8735
+CVE-2016-8735 [remote code execution]
RESERVED
+ - tomcat9 <itp> (bug #802312)
+ - tomcat8 8.0.39-1
+ - tomcat7 7.0.72-3
+ NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
+ - tomcat6 6.0.41-3 (low)
+ NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
+ NOTE: Fixed by: http://svn.apache.org/r1767656 (8.0.x)
+ NOTE: Fixed by: http://svn.apache.org/r1767676 (7.0.x)
+ NOTE: Fixed by: http://svn.apache.org/r1767684 (6.0.x)
CVE-2016-8734
RESERVED
CVE-2016-8733
@@ -8182,10 +8191,23 @@
RESERVED
CVE-2016-6818
RESERVED
-CVE-2016-6817
+CVE-2016-6817 [denial of service]
RESERVED
-CVE-2016-6816
+ - tomcat9 <itp> (bug #802312)
+ - tomcat8 <not-affected> (Only affects 9.x and 8.5.x)
+ - tocmat7 <not-affected> (Only affects 9.x and 8.5.x)
+ - tomcat6 <not-affected> (Only affects 9.x and 8.5.x)
+CVE-2016-6816 [information disclosure]
RESERVED
+ - tomcat9 <itp> (bug #802312)
+ - tomcat8 8.0.39-1
+ - tomcat7 7.0.72-3
+ NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
+ - tomcat6 6.0.41-3 (low)
+ NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
+ NOTE: Fixed by: http://svn.apache.org/r1767653 (8.0.x)
+ NOTE: Fixed by: http://svn.apache.org/r1767675 (7.0.x)
+ NOTE: Fixed by: http://svn.apache.org/r1767683 (6.0.x)
CVE-2016-6815
RESERVED
NOT-FOR-US: Apache Ranger
More information about the Secure-testing-commits
mailing list