[Git][security-tracker-team/security-tracker][master] Add CVE-2019-12418/tomcat*

Sat Dec 21 07:51:22 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dd0f2aa2 by Salvatore Bonaccorso at 2019-12-21T07:50:52Z
Add CVE-2019-12418/tomcat*

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -29608,8 +29608,14 @@ CVE-2019-12420 (In Apache SpamAssassin before 3.4.3, a message can be crafted in
 	NOTE: https://svn.apache.org/r1866128
 CVE-2019-12419 (Apache CXF before 3.3.4 and 3.2.11 provides all of the components that ...)
 	NOT-FOR-US: Apache CFX
-CVE-2019-12418
+CVE-2019-12418 [local privilege escalation]
 	RESERVED
+	- tomcat9 <unfixed>
+	- tomcat8 <removed>
+	- tomcat7 <removed>
+	NOTE: https://github.com/apache/tomcat/commit/1fc9f589dbdd8295cf313b2667ab041c425f99c3 (9.0.29)
+	NOTE: https://github.com/apache/tomcat/commit/a91d7db4047d372b2f12999d3cf2bc3254c20d00 (8.5.48)
+	NOTE: https://github.com/apache/tomcat/commit/bef3f40400243348d12f4abfe9b413f43897c02b (7.0.98)
 CVE-2019-12417 (A malicious admin user could edit the state of objects in the Airflow  ...)
 	- airflow <itp> (bug #819700)
 CVE-2019-12416



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/dd0f2aa2ea66382daea7595268bc01218ebd8eba

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/dd0f2aa2ea66382daea7595268bc01218ebd8eba
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191221/7f1f39ff/attachment.html>
