[Git][security-tracker-team/security-tracker][master] 5 commits: Track fixed version via unstable for CVE-2021-25329/tomcat9

Salvatore Bonaccorso carnil at debian.org
Mon Mar 1 16:28:39 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1183aa74 by Salvatore Bonaccorso at 2021-03-01T17:14:40+01:00
Track fixed version via unstable for CVE-2021-25329/tomcat9

- - - - -
1769f634 by Salvatore Bonaccorso at 2021-03-01T17:15:09+01:00
Track fixed version for CVE-2021-25122/tomcat9 via unstable

- - - - -
30bee309 by Salvatore Bonaccorso at 2021-03-01T17:15:39+01:00
Add note on incomplete fix for CVE-2020-9484

- - - - -
4fe8600e by Salvatore Bonaccorso at 2021-03-01T17:27:04+01:00
Reference upstream commits for CVE-2021-25329

- - - - -
3c61027d by Salvatore Bonaccorso at 2021-03-01T17:27:25+01:00
Reference upstream commits for CVE-2021-25122

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5867,10 +5867,14 @@ CVE-2021-3180
 	RESERVED
 CVE-2021-25329
 	RESERVED
-	- tomcat9 <unfixed>
+	- tomcat9 9.0.43-1
 	- tomcat8 <removed>
 	- tomcat7 <removed>
 	NOTE: https://www.openwall.com/lists/oss-security/2021/03/01/2
+	NOTE: https://github.com/apache/tomcat/commit/4785433a226a20df6acbea49296e1ce7e23de453 (9.0.43)
+	NOTE: https://github.com/apache/tomcat/commit/93f0cc403a9210d469afc2bd9cf03ab3251c6f35 (8.5.63)
+	NOTE: https://github.com/apache/tomcat/commit/74b105657ffbd1d1de80455f03446c3bbf30d1f5 (7.0.108)
+	NOTE: CVE is for incomplete fix for CVE-2020-9484.
 CVE-2021-25328
 	RESERVED
 CVE-2021-25327
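Review bot: The line "NOTE: CVE is for incomplete fix for CVE-2020-9484." is added as the last NOTE of the CVE-2021-25329 entry, after the three upstream commit links, and the only pointer between the two CVEs is in this entry. Consider making it the first NOTE so the relationship is read before the commit references. A reciprocal NOTE under CVE-2020-9484 naming CVE-2021-25329 would also help, so that anyone triaging that entry sees its fix was incomplete.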
@@ -6404,10 +6408,12 @@ CVE-2021-25123 (The Baseboard Management Controller(BMC) in HPE Cloudline CL5800
 	NOT-FOR-US: HPE
 CVE-2021-25122
 	RESERVED
-	- tomcat9 <unfixed>
+	- tomcat9 9.0.43-1
 	- tomcat8 <removed>
 	- tomcat7 <removed>
 	NOTE: https://www.openwall.com/lists/oss-security/2021/03/01/1
+	NOTE: https://github.com/apache/tomcat/commit/d47c20a776e8919eaca8da9390a32bc8bf8210b1 (9.0.43)
+	NOTE: https://github.com/apache/tomcat/commit/bb0e7c1e0d737a0de7d794572517bce0e91d30fa (8.5.63)
 CVE-2021-25121
 	RESERVED
 CVE-2021-25120
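Review bot: The added NOTEs for CVE-2021-25122 reference upstream commits for 9.0.43 and 8.5.63 only, while the entry keeps "- tomcat7 <removed>" and the CVE-2021-25329 hunk above lists a 7.0.108 commit as well. If the 7.0.x branch is not affected by this issue, a short NOTE saying so (or marking tomcat7 as <not-affected>) would make the omission explicit. If it is affected, the corresponding 7.0.x commit should be referenced here too.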



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5327ecf031f0abb387bc0e4e2357cdc845b3bcd7...3c61027d3edd6dc37525993b21928c5e6aa4b3e0
