[Git][security-tracker-team/security-tracker][master] Add CVE-2019-0221 for tomcat{9,8,7}
Salvatore Bonaccorso
carnil at debian.org
Sat May 18 20:30:34 BST 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
48d1af2a by Salvatore Bonaccorso at 2019-05-18T19:29:57Z
Add CVE-2019-0221 for tomcat{9,8,7}
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -32361,8 +32361,14 @@ CVE-2019-0222 (In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT fra
[stretch] - activemq <no-dsa> (Minor issue)
[jessie] - activemq <not-affected> (MQTT support not enabled)
NOTE: http://activemq.apache.org/security-advisories.data/CVE-2019-0222-announcement.txt
-CVE-2019-0221
- RESERVED
+CVE-2019-0221 [XSS in SSI printenv]
+ RESERVED
+ - tomcat9 <unfixed>
+ - tomcat8 <removed>
+ - tomcat7 <removed>
+ NOTE: https://github.com/apache/tomcat/commit/15fcd16 (9.0.19)
+ NOTE: https://github.com/apache/tomcat/commit/4fcdf70 (8.5.39)
+ NOTE: https://github.com/apache/tomcat/commit/44ec74c (7.0.93)
CVE-2019-0220 [Apache httpd URL normalization inconsistincy]
RESERVED
{DSA-4422-1 DLA-1748-1}
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/48d1af2ab90f847c1df3208e92f3d15530cfc1d9
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/48d1af2ab90f847c1df3208e92f3d15530cfc1d9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190518/1dba1c31/attachment.html>
More information about the debian-security-tracker-commits
mailing list