[Git][java-team/tomcat7][jessie] 2 commits: Import Upstream version 7.0.56-3+really7.0.91

Markus Koschany gitlab at salsa.debian.org
Tue Oct 23 21:53:46 BST 2018 

Markus Koschany pushed to branch jessie at Debian Java Maintainers / tomcat7


Commits:
8647b39e by Markus Koschany at 2018-10-23T20:53:08Z
Import Upstream version 7.0.56-3+really7.0.91
- - - - -
2fcc56ad by Markus Koschany at 2018-10-23T20:53:12Z
Import Debian changes 7.0.56-3+really7.0.91-1

tomcat7 (7.0.56-3+really7.0.91-1) jessie-security; urgency=high

  * Non-maintainer upload by the LTS team.
  * Fix CVE-2018-11784:
    Sergey Bobrov discovered that when the default servlet returned a redirect
    to a directory (e.g. redirecting to /foo/ when the user requested /foo) a
    specially crafted URL could be used to cause the redirect to be generated
    to any URI of the attackers choice.

- - - - -


30 changed files:

- BUILDING.txt
- RELEASE-NOTES
- bin/daemon.sh
- build.properties.default
- build.xml
- conf/catalina.properties
- debian/changelog
- debian/patches/0017-use-jdbc-pool-default.patch
- debian/patches/series
- + debian/patches/tomcat-7.0.91-build-failure.patch
- debian/rules
- java/javax/servlet/resources/XMLSchema.dtd
- java/javax/servlet/resources/j2ee_web_services_client_1_1.xsd
- java/org/apache/catalina/Globals.java
- java/org/apache/catalina/connector/Request.java
- java/org/apache/catalina/core/ApplicationContext.java
- java/org/apache/catalina/core/ContainerBase.java
- java/org/apache/catalina/core/JreMemoryLeakPreventionListener.java
- java/org/apache/catalina/deploy/LocalStrings.properties
- java/org/apache/catalina/deploy/ResourceBase.java
- java/org/apache/catalina/filters/CorsFilter.java
- java/org/apache/catalina/filters/ExpiresFilter.java
- java/org/apache/catalina/ha/session/DeltaManager.java
- java/org/apache/catalina/ha/session/SessionMessageImpl.java
- java/org/apache/catalina/ha/session/mbeans-descriptors.xml
- java/org/apache/catalina/ha/tcp/SimpleTcpCluster.java
- java/org/apache/catalina/loader/WebappLoader.java
- java/org/apache/catalina/manager/LocalStrings.properties
- + java/org/apache/catalina/manager/LocalStrings_ru.properties
- java/org/apache/catalina/manager/StatusManagerServlet.java


The diff was not included because it is too large.


View it on GitLab: https://salsa.debian.org/java-team/tomcat7/compare/fa9d5f97f961decf002363aa811981897d581982...2fcc56adbefa3986ccefa8390b1b785947ad626f

-- 
View it on GitLab: https://salsa.debian.org/java-team/tomcat7/compare/fa9d5f97f961decf002363aa811981897d581982...2fcc56adbefa3986ccefa8390b1b785947ad626f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-commits/attachments/20181023/cbfd8f45/attachment.html>

More information about the pkg-java-commits mailing list