247555 – security/vuxml tomcat vulnerability CVE-2020-11996

Bug 247555 - security/vuxml tomcat vulnerability CVE-2020-11996

Summary: security/vuxml tomcat vulnerability CVE-2020-11996

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	Normal Affects Many People
Assignee:	Jochen Neumeister

URL:
Keywords:	buildisok, needs-qa, security

Depends on:
Blocks:

Reported:	2020-06-26 06:41 UTC by rob2g2
Modified:	2020-07-23 14:44 UTC (History)
CC List:	5 users (show)

See Also:

Flags:	bugzilla: maintainer-feedback? (ports-secteam)

Attachments
patch for vuxml to include tomcat CVE-2020-11996 (1.28 KB, patch) 2020-06-26 06:42 UTC, rob2g2	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description rob2g2 2020-06-26 06:41:14 UTC

Comment 1 rob2g2 2020-06-26 06:42:31 UTC

Created attachment 215954 [details]
patch for vuxml to include tomcat CVE-2020-11996

Comment 2 Vladimir Druzenko freebsd_committer

2020-06-26 13:00:32 UTC

- <range><lt>8.5.55</lt></range>
+ <range><lt>8.5.56</lt></range>

Mitigation:
- Upgrade to Apache Tomcat 10.0.0-M6 or later
- Upgrade to Apache Tomcat 9.0.36 or later
- Upgrade to Apache Tomcat 8.5.56 or later

Comment 3 Automation User 2020-07-11 00:11:52 UTC

Build info is available at https://gitlab.com/swills/freebsd-ports/pipelines/165432568

Comment 4 commit-hook freebsd_committer

2020-07-23 14:43:25 UTC

A commit references this bug:

Author: joneum
Date: Thu Jul 23 14:42:26 UTC 2020
New revision: 542934
URL: https://svnweb.freebsd.org/changeset/ports/542934

Log:
  modified the tomcat entry and add CVE-2020-11996

  PR:		247555
  Sponsored by:	Netzkommune GmbH

Changes:
  head/security/vuxml/vuln.xml