[Git][security-tracker-team/security-tracker][master] Remove no-dsa flag from Tomcat 8 / Jessie in CVE list.

Markus Koschany apo at debian.org
Mon May 11 16:15:58 BST 2020 


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cc058251 by Markus Koschany at 2020-05-11T17:15:25+02:00
Remove no-dsa flag from Tomcat 8 / Jessie in CVE list.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -28341,7 +28341,6 @@ CVE-2020-1938 (When using the Apache JServ Protocol (AJP), care must be taken wh
 	{DSA-4680-1 DSA-4673-1 DLA-2133-1}
 	- tomcat9 9.0.31-1 (bug #952437)
 	- tomcat8 <removed> (bug #952438)
-	[jessie] - tomcat8 <no-dsa> (backport is intrusive because of API changes)
 	- tomcat7 <removed> (bug #952436)
 	NOTE: AJP disabled in Debian in default configuration since 2008
 	NOTE: fixed in upstream versions 9.0.31, 8.5.51, 7.0.100
@@ -28368,7 +28367,6 @@ CVE-2020-1935 (In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to
 	{DSA-4680-1 DSA-4673-1 DLA-2133-1}
 	- tomcat9 9.0.31-1
 	- tomcat8 <removed>
-	[jessie] - tomcat8 <no-dsa> (backport is too intrusive)
 	- tomcat7 <removed>
 	NOTE: https://github.com/apache/tomcat/commit/8bfb0ff7f25fe7555a5eb2f7984f73546c11aa26 (9.0.31)
 	NOTE: https://github.com/apache/tomcat/commit/8fbe2e962f0ea138d92361921643fe5abe0c4f56 (8.5.51)
@@ -37325,7 +37323,6 @@ CVE-2019-17563 (When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.
 	{DSA-4680-1 DSA-4596-1 DLA-2077-1}
 	- tomcat9 9.0.31-1
 	- tomcat8 <removed>
-	[jessie] - tomcat8 <no-dsa> (low risk, backport is intrusive)
 	- tomcat7 <removed>
 	NOTE: https://github.com/apache/tomcat/commit/1ecba14e690cf5f3f143eef6ae7037a6d3c16652 (9.0.30)
 	NOTE: https://github.com/apache/tomcat/commit/e19a202ee43b6e2a538be5515ae0ab32d8ef112c (8.5.50)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc05825194b70c8a7e9a81aec45617813775d81e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc05825194b70c8a7e9a81aec45617813775d81e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200511/4c7073cb/attachment.html>

More information about the debian-security-tracker-commits mailing list