oss-sec mailing list archives
Re: CVE request: tomcat privilege escalations in Debian packaging
From: <cve-assign () mitre org>
Date: Fri, 2 Dec 2016 13:05:50 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
* Privilege escalation when upgrading tomcat8 package https://bugs.debian.org/845393 create a symlink
Use CVE-2016-9774.
* Privilege escalation when removing tomcat8 package https://bugs.debian.org/845385 leave the file world-writable, setgid root
Use CVE-2016-9775. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJYQbZLAAoJEHb/MwWLVhi26aEP/ivGNYnCc7vu3VwntDka67ma DDy626ySFxqZ42rsqODKp+sUDTcvpSl3zrdjMgD2RsFcozm/Wxw3UrfwsCA2hyJe 7777Ho0aXuncTFtj+X/iWWbe0lgua1txSHukKmHrj8OUGdFrLZ++V0cKvo/UB2YC rrezzxvjTs5MyB7hfJTIq7adB2NU02Zoq5SZG6hwZ7KJvL7BwR6S2zJcqEyE9lNB mH9ELOcAJVEDkLp08TO+Gsjzttn5+VgV2d2Z/FZ88QlvET/pUDnq2lFE9VLwK7LH bQ2/DXlr7L3ysQowFW8wKfVmRrIGfBf6ghSJB14HLsISpUan09M/Hxia2gnBDrqG cFZxuqk8rB82+Wv/8d0MpYHY7wraLn1xtya0uEosq77zANLFYAUagH2U0tbKmy6x Ynw5XlJSSfdrz99YNvUYSo9stdc0tl1fh+U+TVdceSymX05vBixrn1/6mG9U2rMO NovO4Vw4ZlhGXhNbIfIBUC9zFeOuWMopv7TYK+koOZyMlDVRHFpCzg/uJWgM9GhX 8SmBKTu/30JFYQMXQxEr+FeK3HH4ypkuHh4ypipC3X1SSh/a/+b47HTKA4Zq3MCb Cq+ujDVuJTHjxBrfJjdYj5pdV8L5UKPCYCwVbTq4zYKDpvNwkymk6sNitx8rl+4z zfAuJp63CxW2QXE2CgKx =xpEE -----END PGP SIGNATURE-----
Current thread:
- CVE request: tomcat privilege escalations in Debian packaging Sébastien Delafond (Dec 02)
- Re: CVE request: tomcat privilege escalations in Debian packaging cve-assign (Dec 02)