[Secure-testing-commits] r45790 - in data: . CVE

Guido Guenther agx at moszumanska.debian.org
Mon Oct 31 09:21:39 UTC 2016 

Author: agx
Date: 2016-10-31 09:21:38 +0000 (Mon, 31 Oct 2016)
New Revision: 45790

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
LTS-Triage tomcat CVEs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-10-31 09:10:15 UTC (rev 45789)
+++ data/CVE/list	2016-10-31 09:21:38 UTC (rev 45790)
@@ -6597,7 +6597,7 @@
 CVE-2016-6797 [Apache Tomcat Unrestricted Access to Global Resources]
 	RESERVED
 	- tomcat8 <unfixed> (low)
-	- tomcat7 <unfixed> (low)
+	- tomcat7 <unfixed> (low; bug #842666)
 	- tomcat6 6.0.41-3 (low)
 	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
 	NOTE: http://markmail.org/message/wrku5orwxfpt5mzl?q=list:org.apache.tomcat.announce/
@@ -6606,7 +6606,7 @@
 CVE-2016-6796 [Apache Tomcat Security Manager Bypass]
 	RESERVED
 	- tomcat8 <unfixed> (low)
-	- tomcat7 <unfixed> (low)
+	- tomcat7 <unfixed> (low; bug #842665)
 	- tomcat6 6.0.41-3 (low)
 	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
 	NOTE: http://markmail.org/message/hynaeawxxhpvvctu?q=list:org.apache.tomcat.announce/
@@ -6617,7 +6617,7 @@
 CVE-2016-6794 [Apache Tomcat System Property Disclosure]
 	RESERVED
 	- tomcat8 <unfixed> (low)
-	- tomcat7 <unfixed> (low)
+	- tomcat7 <unfixed> (low; bug #842664)
 	- tomcat6 6.0.41-3 (low)
 	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
 	NOTE: http://markmail.org/message/zk7w6yly5mviocci?q=list:org.apache.tomcat.announce/
@@ -13177,7 +13177,7 @@
 CVE-2016-5018 [Apache Tomcat Security Manager Bypass]
 	RESERVED
 	- tomcat8 <unfixed> (low)
-	- tomcat7 <unfixed> (low)
+	- tomcat7 <unfixed> (low; bug #842663)
 	- tomcat6 6.0.41-3 (low)
 	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
 	NOTE: http://markmail.org/message/lixw6iyojoxwfizv?q=list:org.apache.tomcat.announce/
@@ -27095,7 +27095,7 @@
 CVE-2016-0762 [Apache Tomcat Realm Timing Attack]
 	RESERVED
 	- tomcat8 <unfixed> (low)
-	- tomcat7 <unfixed> (low)
+	- tomcat7 <unfixed> (low; bug #842662)
 	- tomcat6 6.0.41-3 (low)
 	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
 	NOTE: http://markmail.org/message/pzuk6hauzljnm4r7?q=list:org.apache.tomcat.announce/

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt	2016-10-31 09:10:15 UTC (rev 45789)
+++ data/dla-needed.txt	2016-10-31 09:21:38 UTC (rev 45790)
@@ -87,6 +87,8 @@
 tiff3 (Raphaël Hertzog)
   NOTE: 20160912: Open reproducible issues. No patches available.
 --
+tomcat7
+--
 xen (Credativ?)
   NOTE: Credativ replied on monday 24th, waiting for more information.
 --

More information about the Secure-testing-commits mailing list