[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2017-15698/tomcat-native
Salvatore Bonaccorso
carnil at debian.org
Thu Feb 1 06:07:53 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e2bcafcb by Salvatore Bonaccorso at 2018-02-01T07:07:29+01:00
Add CVE-2017-15698/tomcat-native
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -20935,7 +20935,11 @@ CVE-2017-15699
RESERVED
TODO: check, this is possibly specific to AMQ Interconnect as used by Red Hat JBoss, although based on Apache Qpid project
CVE-2017-15698 (When parsing the AIA-Extension field of a client certificate, Apache ...)
- TODO: check
+ - tomcat-native 1.2.16-1
+ NOTE: https://lists.apache.org/thread.html/6eb0a53e5827d97db1a05c736d01101fec21202a5b8fc77bb0eaaed8@%3Cannounce.tomcat.apache.org%3E
+ NOTE: http://svn.apache.org/r1815200
+ NOTE: http://svn.apache.org/r1815218
+ NOTE: Affects: 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34
CVE-2017-15697 (A malicious X-ProxyContextPath or X-Forwarded-Context header ...)
NOT-FOR-US: Apache NiFi
CVE-2017-15696
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e2bcafcbc93d5857976e09e1d1773f0c4c7474df
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e2bcafcbc93d5857976e09e1d1773f0c4c7474df
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180201/96034440/attachment.html>
More information about the Secure-testing-commits
mailing list