Re: Tomcat mitigations for CVE-2022-21449

2022-05-01 Thread Konstantin Kolinko
пт, 29 апр. 2022 г. в 21:41, Christopher Schultz : > > All, > > CVE-2022-21449 is a bug in the JDK which allows a malicious signer using > ECDSA to forge a signature which an affected (buggy) verifier fails to > detect. > > I used deliberate language above instead of "client" and "server" > because

Bug report for Tomcat 10 [2022/05/01]

2022-05-01 Thread bugzilla
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned

Bug report for Tomcat Modules [2022/05/01]

2022-05-01 Thread bugzilla
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned

Bug report for Tomcat 8 [2022/05/01]

2022-05-01 Thread bugzilla
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned

Bug report for Tomcat 9 [2022/05/01]

2022-05-01 Thread bugzilla
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned

Bug report for Tomcat Native [2022/05/01]

2022-05-01 Thread bugzilla
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned

Bug report for Tomcat Connectors [2022/05/01]

2022-05-01 Thread bugzilla
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned

Bug report for Taglibs [2022/05/01]

2022-05-01 Thread bugzilla
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned