[Git][security-tracker-team/security-tracker][master] 2 commits: Group entries per source package

Salvatore Bonaccorso carnil at debian.org
Sat Sep 1 20:31:59 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8bfbcfe3 by Salvatore Bonaccorso at 2018-09-01T19:30:07Z
Group entries per source package

- - - - -
38c34164 by Salvatore Bonaccorso at 2018-09-01T19:30:37Z
Revert "Remove old CVE rejection note"

Keep it until it is properly rejected by MITRE. It is still found as
reference in the Red Hat bugzilla and would otherwise trigger an
external check. We do not want to track this for python as we
definitively agree it is not a security issue and the CVE bogus.

This reverts commit 6786a3bff8b07981cffa26466aa3598010b825e5.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -20675,8 +20675,8 @@ CVE-2018-8037 (If an async request was completed by the application at the same
 	{DSA-4281-1}
 	- tomcat9 <itp> (bug #802312)
 	- tomcat8 8.5.32-1
-	- tomcat8.0 <not-affected> (Vulnerable code only present in 8.5.5 to 8.5.31 in 8.x series)
 	[jessie] - tomcat8 <not-affected> (vulnerable code only present in 8.5.5 to 8.5.31 in 8.x series)
+	- tomcat8.0 <not-affected> (Vulnerable code only present in 8.5.5 to 8.5.31 in 8.x series)
 	NOTE: https://svn.apache.org/r1833906 (9.0.x)
 	NOTE: https://svn.apache.org/r1833907 (8.5.x)
 CVE-2018-8036 (In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully ...)
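Review bot: the relocated `- tomcat8.0 <not-affected>` line still reads "Vulnerable code only present in 8.5.5 to 8.5.31 in 8.x series" with a capital V, while the `[jessie] - tomcat8 <not-affected>` line now directly above it has the same text in lowercase. Since the line is being moved anyway, the two notes could be made identical so that a search for the phrase matches both. The reordering itself looks right: the `[jessie]` annotation now follows the `- tomcat8 8.5.32-1` line it qualifies instead of sitting under the `tomcat8.0` entry.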
@@ -226699,8 +226699,9 @@ CVE-2011-0707 (Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confir
 CVE-2011-0706 (The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in ...)
 	{DSA-2224-1}
 	- openjdk-6 6b18-1.8.7-1
-CVE-2011-0705
+CVE-2011-0705 [path traversal in SimpleHTTPServer]
 	RESERVED
+	NOTE: Will be rejected
 CVE-2011-0704 (389 Directory Server 1.2.7.5, when built with mozldap, allows remote ...)
 	NOT-FOR-US: 389 Directory Server
 CVE-2011-0703
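Review bot: the restored `NOTE: Will be rejected` under CVE-2011-0705 gives no reason and no reference, so the entry alone does not explain why a RESERVED id is being kept without a package line. The commit message has the rationale (still referenced in the Red Hat bugzilla, not considered a security issue for python); a second NOTE line stating that, or pointing to the bugzilla entry, would keep the next cleanup from removing it again as in the commit being reverted. The bracketed description `[path traversal in SimpleHTTPServer]` also does not name python, which the message identifies as the package concerned.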



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/117bd3825e6eb4de83a05f37e8c6344e7e05fdeb...38c34164f11cf8c579b62e4cd783ea19d01820bb
