Bug 428268 - CVE-2007-5333 Improve cookie parsing for tomcat5 [rhn_satellite_4.2]
Summary: CVE-2007-5333 Improve cookie parsing for tomcat5 [rhn_satellite_4.2]
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Satellite 5
Classification: Red Hat
Component: Other   
(Show other bugs)
Version: 420
Hardware: All Linux
low
low
Target Milestone: ---
Assignee: Miroslav Suchý
QA Contact: Preethi Thomas
URL:
Whiteboard:
Keywords: Security
Depends On:
Blocks: 135141 CVE-2007-5333 439866
TreeView+ depends on / blocked
 
Reported: 2008-01-10 12:48 UTC by Marc Schoenefeld
Modified: 2008-06-17 14:03 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-06-03 14:11:48 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Marc Schoenefeld 2008-01-10 12:48:42 UTC
rhn_satellite_4.2 tracking bug: see blocks bug list for full details of the security issue(s).

This bug is never intended to be made public, please put any public notes in the 'blocks' bugs.

For the security issues handling process overview see: http://intranet.corp.redhat.com/ic/intranet/SecurityZStreamFAQ

[bug automatically created by: add-tracking-bugs]

Comment 1 Miroslav Suchý 2008-04-16 12:00:19 UTC
Promoted tomcat5-5.0.30-0jpp_10rh.noarch.rpm from support-satellite-5.0-4AS-java
collection, where we fixed it.

Comment 2 Miroslav Suchý 2008-04-29 12:18:52 UTC
QA push for 4.2.3 complete: satellite-4.2.3-1 and proxy-4.2.3-1 are
now on webqa. Note that there is _no_ ISO planned for the 4.2.3
release.

Developers, please move your bugs ON_QA.

Comment 3 Preethi Thomas 2008-05-07 18:01:49 UTC
verified in sat 4.2.3 rhel3 & rhel4  

Comment 4 Mark J. Cox 2008-06-02 09:25:34 UTC
Even if fix is included we won't claim to fix this CVE because of 

https://bugzilla.redhat.com/show_bug.cgi?id=428269#c7


Comment 5 Miroslav Suchý 2008-06-03 14:11:48 UTC
WontFIX based on #4


Note You need to log in before you can comment on or make changes to this bug.