[tomcat8] 01/01: Upload to jessie-security
Emmanuel Bourg
ebourg-guest at moszumanska.debian.org
Sat Dec 17 13:49:44 UTC 2016
This is an automated email from the git hooks/post-receive script.
ebourg-guest pushed a commit to branch jessie
in repository tomcat8.
commit 1d57d1655a516412024bf552a88ffac602d62681
Author: Emmanuel Bourg <ebourg at apache.org>
Date: Sat Dec 17 09:19:45 2016 +0100
Upload to jessie-security
---
debian/changelog | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index f51469c..a7b38c2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,9 @@
-tomcat8 (8.0.14-1+deb8u5) UNRELEASED; urgency=medium
+tomcat8 (8.0.14-1+deb8u5) jessie-security; urgency=high
+ * Fixed CVE-2016-9774: Potential privilege escalation when the tomcat8
+ package is upgraded. Thanks to Paul Szabo for the report (Closes: #845393)
+ * Fixed CVE-2016-9775: Potential privilege escalation when the tomcat8
+ package is purged. Thanks to Paul Szabo for the report (Closes: #845385)
* Fixed CVE-2016-6816: The code that parsed the HTTP request line permitted
invalid characters. This could be exploited, in conjunction with a proxy
that also permitted the invalid characters but with a different
@@ -30,13 +34,9 @@ tomcat8 (8.0.14-1+deb8u5) UNRELEASED; urgency=medium
* Added asm-all.jar to the test classpath to fix TestWebappServiceLoader
* Fixed a test failure in the new TestNamingContext test added with the fix
for CVE-2016-6797
- * Fixed a potential privilege escalation when the tomcat8 package is upgraded.
- Thanks to Paul Szabo for the report (Closes: #845393)
- * Fixed a potential privilege escalation when the tomcat8 package is purged.
- Thanks to Paul Szabo for the report (Closes: #845385)
* Test failures are no longer ignored and now stop the build
- -- Emmanuel Bourg <ebourg at apache.org> Tue, 22 Nov 2016 23:21:56 +0100
+ -- Emmanuel Bourg <ebourg at apache.org> Sat, 17 Dec 2016 09:19:36 +0100
tomcat8 (8.0.14-1+deb8u4) jessie-security; urgency=medium
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/tomcat8.git
More information about the pkg-java-commits
mailing list