[tomcat7] 02/02: Update patch description for CVE-2015-5345.patch

Markus Koschany apo at moszumanska.debian.org
Sat Apr 16 12:59:47 UTC 2016


This is an automated email from the git hooks/post-receive script.

apo pushed a commit to branch jessie
in repository tomcat7.

commit edb8f7e1a4ed21cb1f54476a57cf5df29e7e7352
Author: Markus Koschany <apo at debian.org>
Date:   Sat Apr 16 09:14:52 2016 +0000

    Update patch description for CVE-2015-5345.patch
---
 debian/patches/CVE-2015-5345.patch | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/debian/patches/CVE-2015-5345.patch b/debian/patches/CVE-2015-5345.patch
index c298b6d..3d94c39 100644
--- a/debian/patches/CVE-2015-5345.patch
+++ b/debian/patches/CVE-2015-5345.patch
@@ -2,6 +2,13 @@ From: Markus Koschany <apo at debian.org>
 Date: Sun, 27 Mar 2016 20:37:30 +0200
 Subject: CVE-2015-5345
 
+The Mapper component in Apache Tomcat processes redirects before considering
+security constraints and Filters, which allows remote attackers to determine
+the existence of a directory via a URL that lacks a trailing / (slash)
+character.
+
+http://svn.apache.org/viewvc?view=revision&revision=1715213
+http://svn.apache.org/viewvc?view=revision&revision=1717212
 ---
  .../catalina/authenticator/FormAuthenticator.java  | 14 ++++++++
  java/org/apache/catalina/core/StandardContext.java | 37 ++++++++++++++++++++--
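
Review bot: The two svn.apache.org links at the end of the added description are bare URLs with nothing saying what they are. If they are the upstream revisions this patch was taken from, label them with DEP-3 pseudo-header fields, for example "Origin: upstream, http://svn.apache.org/viewvc?view=revision&revision=1715213", one field per revision, so tooling and later readers can tell them from advisory references. The added paragraph also describes only the flaw. A sentence on what the patch changes in FormAuthenticator.java and StandardContext.java would help whoever has to rebase or audit it.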

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/tomcat7.git


