[Git][security-tracker-team/security-tracker][master] Add tracking bugs for CVE-2019-10072

Tue Feb 25 05:36:19 GMT 2020


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3daa7370 by Salvatore Bonaccorso at 2020-02-25T06:35:18+01:00
Add tracking bugs for CVE-2019-10072

It looks back then when filling the bug we (I) missed to add then back
the reference, even resulting in a doubled bug from me for tomcat9. List
all the related bugs now.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -50235,8 +50235,8 @@ CVE-2019-10074 (An RCE is possible by entering Freemarker markup in an Apache OF
 CVE-2019-10073 (The "Blog", "Forum", "Contact Us" screens of the template "ecommerce"  ...)
 	NOT-FOR-US: Apache OFBiz
 CVE-2019-10072 (The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 co ...)
-	- tomcat9 9.0.22-1 (bug #931131)
-	- tomcat8 <removed>
+	- tomcat9 9.0.22-1 (bug #931131; bug #930872)
+	- tomcat8 <removed> (bug #30873)
 	[stretch] - tomcat8 <not-affected> (Incomplete fix for CVE-2019-0199 not applied)
 	[jessie] - tomcat8 <not-affected> (HTTP/2 support not implemented)
 	NOTE: https://lists.apache.org/thread.html/df1a2c1b87c8a6c500ecdbbaf134c7f1491c8d79d98b48c6b9f0fa6a@%3Cannounce.tomcat.apache.org%3E



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3daa7370cd2344ca43879266de2ce81fb620f119

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3daa7370cd2344ca43879266de2ce81fb620f119
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200225/c2c8f36e/attachment.html>
