[Git][security-tracker-team/security-tracker][master] Regression is on the usage of lately introduced class called

Fri Mar 20 06:56:20 GMT 2020


Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9656ff94 by Abhijith PA at 2020-03-20T12:05:47+05:30
Regression is on the usage of lately introduced class called
TokenList(which is more of a parser module) in
transfer-encoding parsing.

https://github.com/apache/tomcat/commit/8b2d892e6544beb33b61ebbe850bd44c1402a882#diff-a0b19250cb9e355364c476929e385e6f
https://bz.apache.org/bugzilla/show_bug.cgi?id=63864

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -30160,6 +30160,7 @@ CVE-2019-17569 (The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.4
 	- tomcat9 9.0.31-1
 	- tomcat8 <removed>
 	- tomcat7 <removed>
+	[jessie] - tomcat8 <not-affected> (vulnerable code introduced in later version)
 	NOTE: https://github.com/apache/tomcat/commit/060ecc5eb839208687b7fcc9e35287ac8eb46998 (9.0.31)
 	NOTE: https://github.com/apache/tomcat/commit/959f1dfd767bf3cb64776b44f7395d1d8d8f7ab3 (8.5.51)
 	NOTE: https://github.com/apache/tomcat/commit/b191a0d9cf06f4e04257c221bfe41d2b108a9cc8 (7.0.100)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9656ff944063c97721250e5f0126266452353390

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9656ff944063c97721250e5f0126266452353390
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200320/fd3fc1eb/attachment-0001.html>
