[Git][security-tracker-team/security-tracker][master] Backport can be too intrusive. Patch
Abhijith PA
abhijith at debian.org
Sun Mar 22 18:57:48 GMT 2020
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4653e519 by Abhijith PA at 2020-03-23T00:25:20+05:30
Backport can be too intrusive. Patch
https://github.com/apache/tomcat/commit/8fbe2e9 tries to modify
usage of a function ApplicationBufferHandler in CR & LF checks
in Http11InputBuffer.java. Backporting this needs a lot of other
patches. Another is renaming of an API from
rejectIllegalHeaderName to rejectIllegalHeader. This one looks
unnecessary and not related to CVE-2020-1935.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -21655,6 +21655,7 @@ CVE-2020-1935 (In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to
{DLA-2133-1}
- tomcat9 9.0.31-1
- tomcat8 <removed>
+ [jessie] - tomcat8 <no-dsa> (backport is too intrusive)
- tomcat7 <removed>
NOTE: https://github.com/apache/tomcat/commit/8bfb0ff7f25fe7555a5eb2f7984f73546c11aa26 (9.0.31)
NOTE: https://github.com/apache/tomcat/commit/8fbe2e962f0ea138d92361921643fe5abe0c4f56 (8.5.51)
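Review bot: the reason on the added `[jessie] - tomcat8 <no-dsa>` line, "(backport is too intrusive)", does not say which upstream change was judged intrusive or why, so the rationale exists only in the commit message. Consider adding a NOTE under this entry recording that the 8.5.51 commit (8fbe2e962f0ea138d92361921643fe5abe0c4f56) changes how ApplicationBufferHandler is used in the CR/LF checks in Http11InputBuffer.java and would pull in further patches. Someone reading data/CVE/list later could then re-evaluate the decision without digging through the git history. The entry also leaves jessie's tomcat8 unfixed for CVE-2020-1935 while `{DLA-2133-1}` is listed for the same CVE, so a short note stating which package that DLA covered would make it clear the two lines do not contradict each other.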
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4653e5191e7942ce96a4efc222ca205d1196f86c