Bug 247555 - security/vuxml tomcat vulnerability CVE-2020-11996
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Many People
Assignee: Jochen Neumeister
URL:
Keywords: buildisok, needs-qa, security
Depends on:
Blocks:
 
Reported: 2020-06-26 06:41 UTC by rob2g2
Modified: 2020-07-23 14:44 UTC

See Also:
bugzilla: maintainer-feedback? (ports-secteam)


Attachments
patch for vuxml to include tomcat CVE-2020-11996 (1.28 KB, patch)
2020-06-26 06:42 UTC, rob2g2

Description rob2g2 2020-06-26 06:41:14 UTC

    
Comment 1 rob2g2 2020-06-26 06:42:31 UTC
Created attachment 215954
patch for vuxml to include tomcat CVE-2020-11996
Comment 2 VVD 2020-06-26 13:00:32 UTC
- <range><lt>8.5.55</lt></range>
+ <range><lt>8.5.56</lt></range>
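Review bot: only the 8.5 upper bound is corrected on the `+` line; the entry's ranges for the 9.0 and 10.0 branches need the same check against the 9.0.36 and 10.0.0-M6 fix releases named in the mitigation list of this comment. An `<lt>` bound set one release too low, as `<lt>8.5.55</lt>` was, leaves the last vulnerable release (8.5.55) unmatched, so each bound should equal the first fixed version of its branch.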

Mitigation:
- Upgrade to Apache Tomcat 10.0.0-M6 or later
- Upgrade to Apache Tomcat 9.0.36 or later
- Upgrade to Apache Tomcat 8.5.56 or later
Comment 3 Automation User 2020-07-11 00:11:52 UTC
Build info is available at https://gitlab.com/swills/freebsd-ports/pipelines/165432568
Comment 4 commit-hook freebsd_committer 2020-07-23 14:43:25 UTC
A commit references this bug:

Author: joneum
Date: Thu Jul 23 14:42:26 UTC 2020
New revision: 542934
URL: https://svnweb.freebsd.org/changeset/ports/542934

Log:
  modified the tomcat entry and add CVE-2020-11996

  PR:		247555
  Sponsored by:	Netzkommune GmbH

Changes:
  head/security/vuxml/vuln.xml