[Git][security-tracker-team/security-tracker][master] Add note on tomcat9 regresssion for CVE-2021-30640
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Aug 11 07:56:12 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
96da5ee1 by Salvatore Bonaccorso at 2021-08-11T08:54:41+02:00
Add note on tomcat9 regresssion for CVE-2021-30640
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -18258,6 +18258,8 @@ CVE-2021-30640 (A vulnerability in the JNDI Realm of Apache Tomcat allows an att
NOTE: https://github.com/apache/tomcat/commit/d3407672774e372fae8b5898d55f85d16f22b972 (8.5.66)
NOTE: https://github.com/apache/tomcat/commit/6a9129ac9bd06555ce04bb564a76fc3987311f38 (8.5.66)
NOTE: https://github.com/apache/tomcat/commit/ad22db641dcd61c2e8078f658fa709897b5da375 (8.5.66)
+ NOTE: Fix for CVE-2021-30640 introduced a regression:
+ NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=65308
CVE-2021-30639 (A vulnerability in Apache Tomcat allows an attacker to remotely trigge ...)
- tomcat9 <not-affected> (Vulnerable code introduced later in 9.0.44)
- tomcat8 <removed>
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/96da5ee18c0a61f724a75bef3155f2400ada6a85
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/96da5ee18c0a61f724a75bef3155f2400ada6a85
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210811/6a112966/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list