[tomcat7] 01/01: CVE-2016-5018 follow-up: Fixed the ClassNotFoundException when the security manager is enabled (Closes: #846298)
Emmanuel Bourg
ebourg-guest at moszumanska.debian.org
Mon Dec 5 16:58:16 UTC 2016
This is an automated email from the git hooks/post-receive script.
ebourg-guest pushed a commit to branch jessie
in repository tomcat7.
commit a0ac64ddb5528a9ce8736075e54f6d890b1ae4c8
Author: Emmanuel Bourg <ebourg at apache.org>
Date: Mon Dec 5 17:53:55 2016 +0100
CVE-2016-5018 follow-up: Fixed the ClassNotFoundException when the security manager is enabled (Closes: #846298)
---
debian/changelog | 3 +++
debian/patches/CVE-2016-5018.patch | 23 +++++++++++++++++++++++
2 files changed, 26 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 4530d0b..6ad52a1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,9 @@ tomcat7 (7.0.56-3+deb8u6) UNRELEASED; urgency=medium
package is upgraded. Thanks to Paul Szabo for the report (see #845393)
* Fixed CVE-2016-9775: Potential privilege escalation when the tomcat7
package is purged. Thanks to Paul Szabo for the report (see #845385)
+ * CVE-2016-5018 follow-up: Applied a missing modification fixing
+ a ClassNotFoundException when the security manager is enabled
+ (Closes: #846298)
* Backported a fix for a test failure in Test*NonLoginAndBasicAuthenticator
with recent JREs
* Refreshed the expired SSL certificates used by the tests
diff --git a/debian/patches/CVE-2016-5018.patch b/debian/patches/CVE-2016-5018.patch
index 0666882..e0d83d4 100644
--- a/debian/patches/CVE-2016-5018.patch
+++ b/debian/patches/CVE-2016-5018.patch
@@ -2,6 +2,7 @@ Description: Fixes CVE-2016-5018: A malicious web application was able to bypass
a configured SecurityManager via a Tomcat utility method that was accessible to
web applications.
Origin: backport, http://svn.apache.org/r1754902
+ http://svn.apache.org/r1760309
--- a/java/org/apache/jasper/runtime/JspRuntimeLibrary.java
+++ b/java/org/apache/jasper/runtime/JspRuntimeLibrary.java
@@ -14,7 +14,6 @@
@@ -98,3 +99,25 @@ Origin: backport, http://svn.apache.org/r1754902
Method method = null;
Class<?> type = null;
Class<?> propertyEditorClass = null;
+--- a/java/org/apache/jasper/compiler/JspRuntimeContext.java
++++ b/java/org/apache/jasper/compiler/JspRuntimeContext.java
+@@ -90,8 +90,6 @@
+ factory.getClass().getClassLoader().loadClass( basePackage +
+ "runtime.JspRuntimeLibrary");
+ factory.getClass().getClassLoader().loadClass( basePackage +
+- "runtime.JspRuntimeLibrary$PrivilegedIntrospectHelper");
+- factory.getClass().getClassLoader().loadClass( basePackage +
+ "runtime.ServletResponseWrapperInclude");
+ factory.getClass().getClassLoader().loadClass( basePackage +
+ "servlet.JspServletWrapper");
+--- a/java/org/apache/jasper/security/SecurityClassLoad.java
++++ b/java/org/apache/jasper/security/SecurityClassLoad.java
+@@ -46,8 +46,6 @@
+
+ loader.loadClass( basePackage +
+ "runtime.JspRuntimeLibrary");
+- loader.loadClass( basePackage +
+- "runtime.JspRuntimeLibrary$PrivilegedIntrospectHelper");
+
+ loader.loadClass( basePackage +
+ "runtime.ServletResponseWrapperInclude");
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/tomcat7.git
More information about the pkg-java-commits
mailing list