[Git][security-tracker-team/security-tracker][master] Add CVE-2018-1336/tomcat*

Salvatore Bonaccorso carnil at debian.org
Tue Jul 24 07:33:16 BST 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
92bcb1e4 by Salvatore Bonaccorso at 2018-07-24T08:32:37+02:00
Add CVE-2018-1336/tomcat*

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -35788,8 +35788,19 @@ CVE-2018-1338 (A carefully crafted (or fuzzed) file can trigger an infinite loop
 	NOTE: http://www.openwall.com/lists/oss-security/2018/04/25/6
 CVE-2018-1337 (In Apache LDAP API before 1.0.2, a bug in the way the SSL Filter was ...)
 	NOT-FOR-US: Apache LDAP API
-CVE-2018-1336
+CVE-2018-1336 [A bug in the UTF-8 decoder can lead to DoS]
 	RESERVED
+	- tomcat9 <itp> (bug #802312)
+	- tomcat8 8.5.31-1
+	- tomcat8.0 <unfixed> (unimportant)
+	NOTE: tomcat8.0 builds only tomcat8.0-user and libtomcat8.0-java
+	- tomcat7 7.0.72-3
+	[jessie] - tomcat7 7.0.56-3+really7.0.88-1
+	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
+	NOTE: https://svn.apache.org/r1830373 (9.0.x)
+	NOTE: https://svn.apache.org/r1830374 (8.5.x)
+	NOTE: https://svn.apache.org/r1830375 (8.0.x)
+	NOTE: https://svn.apache.org/r1830376 (7.0.x)
 CVE-2018-1335 (From Apache Tika versions 1.7 to 1.17, clients could send carefully ...)
 	- tika <not-affected> (Server functionality not present)
 	NOTE: http://www.openwall.com/lists/oss-security/2018/04/25/8



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/92bcb1e4f34b50d556c673d1964e832c146d6860

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/92bcb1e4f34b50d556c673d1964e832c146d6860
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180724/10e09c99/attachment.html>

More information about the debian-security-tracker-commits mailing list