[Git][security-tracker-team/security-tracker][master] Add CVE-2019-10072/tomcat*

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2dc4f9f2 by Salvatore Bonaccorso at 2019-06-21T19:25:43Z
Add CVE-2019-10072/tomcat*

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7165,8 +7165,12 @@ CVE-2019-10074
 	RESERVED
 CVE-2019-10073
 	RESERVED
-CVE-2019-10072
+CVE-2019-10072 [Incomplete fix for CVE-2019-0199]
 	RESERVED
+	- tomcat9 <unfixed>
+	- tomcat8 <unfixed>
+	[stretch] - tomcat8 <not-affected> (Incomplete fix for CVE-2019-0199 not applied)
+	NOTE: https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a@%3Cannounce.tomcat.apache.org%3E
 CVE-2019-10071
 	RESERVED
 CVE-2019-10070
@@ -34861,6 +34865,7 @@ CVE-2019-0199 (The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and
 	- tomcat8 8.5.38-1
 	[jessie] - tomcat8 <not-affected> (HTTP/2 support not implemented)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1693325
+	NOTE: When fixing this issue make sure to fix it completely to not open CVE-2019-10072.
 CVE-2019-0198
 	REJECTED
 CVE-2019-0197 (A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2dc4f9f269b1c938f5b62de6a7cdad15e12a50e4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2dc4f9f269b1c938f5b62de6a7cdad15e12a50e4
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190621/fc5dacc9/attachment.html>