[Git][security-tracker-team/security-tracker][master] Add new tomcat issues

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
29e9d726 by Salvatore Bonaccorso at 2021-07-13T11:29:06+02:00
Add new tomcat issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8298,7 +8298,14 @@ CVE-2021-33038 (An issue was discovered in management/commands/hyperkitty_import
 	NOTE: https://gitlab.com/mailman/hyperkitty/-/issues/380
 	NOTE: https://techblog.wikimedia.org/2021/06/11/discovering-and-fixing-cve-2021-33038-in-mailman3/
 CVE-2021-33037 (Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5 ...)
-	TODO: check
+	- tomcat9 <unfixed>
+	- tomcat8 <removed>
+	NOTE: https://github.com/apache/tomcat/commit/45d70a86a901cbd534f8f570bed2aec9f7f7b88e (9.0.47)
+	NOTE: https://github.com/apache/tomcat/commit/05f9e8b00f5d9251fcd3c95dcfd6cf84177f46c8 (9.0.47)
+	NOTE: https://github.com/apache/tomcat/commit/a2c3dc4c96168743ac0bab613709a5bbdaec41d0 (9.0.47)
+	NOTE: https://github.com/apache/tomcat/commit/3202703e6d635e39b74262e81f0cb4bcbe2170dc (8.5.67)
+	NOTE: https://github.com/apache/tomcat/commit/da0e7cb093cf68b052d9175e469dbd0464441b0b (8.5.67)
+	NOTE: https://github.com/apache/tomcat/commit/8874fa02e9b36baa9ca6b226c0882c0190ca5a02 (8.5.67)
 CVE-2021-33036
 	RESERVED
 CVE-2021-33035
@@ -14060,9 +14067,31 @@ CVE-2021-30641 (Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching
 	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=65238
 	NOTE: https://github.com/apache/httpd/commit/eb986059aa5aa0b6c1d52714ea83e3dd758afdd1
 CVE-2021-30640 (A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker  ...)
-	TODO: check
+	- tomcat9 <unfixed>
+	- tomcat8 <removed>
+	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=65224
+	NOTE: https://github.com/apache/tomcat/commit/c4df8d44a959a937d507d15e5b1ca35c3dbc41eb (9.0.46)
+	NOTE: https://github.com/apache/tomcat/commit/749f3cc192c68c34f2375509aea087be45fc4434 (9.0.46)
+	NOTE: https://github.com/apache/tomcat/commit/c6b6e1015ae44c936971b6bf8bce70987935b92e (9.0.46)
+	NOTE: https://github.com/apache/tomcat/commit/91ecdc61ce3420054c04114baaaf1c1e0cbd5d56 (9.0.46)
+	NOTE: https://github.com/apache/tomcat/commit/e50067486cf86564175ca0cfdcbf7d209c6df862 (9.0.46)
+	NOTE: https://github.com/apache/tomcat/commit/b5585a9e5d4fec020cc5ebadb82f899fae22bc43 (9.0.46)
+	NOTE: https://github.com/apache/tomcat/commit/329932012d3a9b95fde0b18618416e659ecffdc0 (9.0.46)
+	NOTE: https://github.com/apache/tomcat/commit/3ce84512ed8783577d9945df28da5a033465b945 (9.0.46)
+	NOTE: https://github.com/apache/tomcat/commit/24dfb30076997b640e5123e92c4b8d7f206f609c (8.5.66)
+	NOTE: https://github.com/apache/tomcat/commit/0a272b00aed57526dbfc8b881ab253c23c61f100 (8.5.66)
+	NOTE: https://github.com/apache/tomcat/commit/c9f21a2a7908c7c4ecd4f9bb495d3ee36a2bd822 (8.5.66)
+	NOTE: https://github.com/apache/tomcat/commit/4e86b4ea0d1a9b00fa93971c31b93ad1bd49c7fe (8.5.66)
+	NOTE: https://github.com/apache/tomcat/commit/79580e7f70a07c083be07307376511bb864d5a7b (8.5.66)
+	NOTE: https://github.com/apache/tomcat/commit/d3407672774e372fae8b5898d55f85d16f22b972 (8.5.66)
+	NOTE: https://github.com/apache/tomcat/commit/6a9129ac9bd06555ce04bb564a76fc3987311f38 (8.5.66)
+	NOTE: https://github.com/apache/tomcat/commit/ad22db641dcd61c2e8078f658fa709897b5da375 (8.5.66)
 CVE-2021-30639 (A vulnerability in Apache Tomcat allows an attacker to remotely trigge ...)
-	TODO: check
+	- tomcat9 <unfixed>
+	- tomcat8 <removed>
+	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=65203
+	NOTE: https://github.com/apache/tomcat/commit/8ece47c4a9fb9349e8862c84358a4dd23c643a24 (9.0.45)
+	NOTE: https://github.com/apache/tomcat/commit/411caf29ac1c16e6ac291b6e5543b2371dbd25e2 (8.5.65)
 CVE-2020-36334 (themegrill-demo-importer before 1.6.3 allows CSRF, as demonstrated by  ...)
 	NOT-FOR-US: WordPress plugin themegrill-demo-importer
 CVE-2020-36333 (themegrill-demo-importer before 1.6.2 does not require authentication  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/29e9d7261f03c4960eb05377e606c2c71d8e6862

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/29e9d7261f03c4960eb05377e606c2c71d8e6862
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210713/11911509/attachment.htm>