You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2012/01/17 11:31:37 UTC
svn commit: r1232382 - in /tomcat/site/trunk: docs/security-5.html
docs/security-6.html docs/security-7.html xdocs/security-5.xml
xdocs/security-6.xml xdocs/security-7.xml
Author: markt
Date: Tue Jan 17 10:31:37 2012
New Revision: 1232382
URL: http://svn.apache.org/viewvc?rev=1232382&view=rev
Log:
Deal with Mitre splitting up an issue and not telling us.
Modified:
tomcat/site/trunk/docs/security-5.html
tomcat/site/trunk/docs/security-6.html
tomcat/site/trunk/docs/security-7.html
tomcat/site/trunk/xdocs/security-5.xml
tomcat/site/trunk/xdocs/security-6.xml
tomcat/site/trunk/xdocs/security-7.xml
Modified: tomcat/site/trunk/docs/security-5.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?rev=1232382&r1=1232381&r2=1232382&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-5.html (original)
+++ tomcat/site/trunk/docs/security-5.html Tue Jan 17 10:31:37 2012
@@ -350,6 +350,16 @@
</p>
+<p>Note: Mitre elected to break this issue down into multiple issues and
+ have allocated the following additional references to parts of this
+ issue:
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5062" rel="nofollow">CVE-2011-5062</a>,
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5063" rel="nofollow">CVE-2011-5063</a> and
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5064" rel="nofollow">CVE-2011-5064</a>. The Apache Tomcat security team will
+ continue to treat this as a single issue using the reference
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1184" rel="nofollow">CVE-2011-1184</a>.</p>
+
+
<p>The implementation of HTTP DIGEST authentication was discovered to have
several weaknesses:
<ul>
Modified: tomcat/site/trunk/docs/security-6.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=1232382&r1=1232381&r2=1232382&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-6.html (original)
+++ tomcat/site/trunk/docs/security-6.html Tue Jan 17 10:31:37 2012
@@ -436,6 +436,16 @@
</p>
+<p>Note: Mitre elected to break this issue down into multiple issues and
+ have allocated the following additional references to parts of this
+ issue:
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5062" rel="nofollow">CVE-2011-5062</a>,
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5063" rel="nofollow">CVE-2011-5063</a> and
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5064" rel="nofollow">CVE-2011-5064</a>. The Apache Tomcat security team will
+ continue to treat this as a single issue using the reference
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1184" rel="nofollow">CVE-2011-1184</a>.</p>
+
+
<p>The implementation of HTTP DIGEST authentication was discovered to have
several weaknesses:
<ul>
Modified: tomcat/site/trunk/docs/security-7.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-7.html?rev=1232382&r1=1232381&r2=1232382&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-7.html (original)
+++ tomcat/site/trunk/docs/security-7.html Tue Jan 17 10:31:37 2012
@@ -729,6 +729,16 @@
</p>
+<p>Note: Mitre elected to break this issue down into multiple issues and
+ have allocated the following additional references to parts of this
+ issue:
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5062" rel="nofollow">CVE-2011-5062</a>,
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5063" rel="nofollow">CVE-2011-5063</a> and
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5064" rel="nofollow">CVE-2011-5064</a>. The Apache Tomcat security team will
+ continue to treat this as a single issue using the reference
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1184" rel="nofollow">CVE-2011-1184</a>.</p>
+
+
<p>The implementation of HTTP DIGEST authentication was discovered to have
several weaknesses:
<ul>
Modified: tomcat/site/trunk/xdocs/security-5.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-5.xml?rev=1232382&r1=1232381&r2=1232382&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-5.xml (original)
+++ tomcat/site/trunk/xdocs/security-5.xml Tue Jan 17 10:31:37 2012
@@ -70,6 +70,19 @@
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1184"
rel="nofollow">CVE-2011-1184</a></p>
+ <p>Note: Mitre elected to break this issue down into multiple issues and
+ have allocated the following additional references to parts of this
+ issue:
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5062"
+ rel="nofollow">CVE-2011-5062</a>,
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5063"
+ rel="nofollow">CVE-2011-5063</a> and
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5064"
+ rel="nofollow">CVE-2011-5064</a>. The Apache Tomcat security team will
+ continue to treat this as a single issue using the reference
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1184"
+ rel="nofollow">CVE-2011-1184</a>.</p>
+
<p>The implementation of HTTP DIGEST authentication was discovered to have
several weaknesses:
<ul>
Modified: tomcat/site/trunk/xdocs/security-6.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?rev=1232382&r1=1232381&r2=1232382&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-6.xml (original)
+++ tomcat/site/trunk/xdocs/security-6.xml Tue Jan 17 10:31:37 2012
@@ -115,6 +115,19 @@
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1184"
rel="nofollow">CVE-2011-1184</a></p>
+ <p>Note: Mitre elected to break this issue down into multiple issues and
+ have allocated the following additional references to parts of this
+ issue:
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5062"
+ rel="nofollow">CVE-2011-5062</a>,
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5063"
+ rel="nofollow">CVE-2011-5063</a> and
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5064"
+ rel="nofollow">CVE-2011-5064</a>. The Apache Tomcat security team will
+ continue to treat this as a single issue using the reference
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1184"
+ rel="nofollow">CVE-2011-1184</a>.</p>
+
<p>The implementation of HTTP DIGEST authentication was discovered to have
several weaknesses:
<ul>
Modified: tomcat/site/trunk/xdocs/security-7.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-7.xml?rev=1232382&r1=1232381&r2=1232382&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-7.xml (original)
+++ tomcat/site/trunk/xdocs/security-7.xml Tue Jan 17 10:31:37 2012
@@ -283,6 +283,19 @@
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1184"
rel="nofollow">CVE-2011-1184</a></p>
+ <p>Note: Mitre elected to break this issue down into multiple issues and
+ have allocated the following additional references to parts of this
+ issue:
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5062"
+ rel="nofollow">CVE-2011-5062</a>,
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5063"
+ rel="nofollow">CVE-2011-5063</a> and
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5064"
+ rel="nofollow">CVE-2011-5064</a>. The Apache Tomcat security team will
+ continue to treat this as a single issue using the reference
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1184"
+ rel="nofollow">CVE-2011-1184</a>.</p>
+
<p>The implementation of HTTP DIGEST authentication was discovered to have
several weaknesses:
<ul>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org