[tomcat8] branch jessie updated (7110c89 -> d62e614)

Emmanuel Bourg ebourg-guest at moszumanska.debian.org
Sat Nov 12 01:15:32 UTC 2016


This is an automated email from the git hooks/post-receive script.

ebourg-guest pushed a change to branch jessie
in repository tomcat8.

      from  7110c89   Release 8.0.14-1+deb8u3
       new  f54e32e   Fixed a race condition in tomcat8.init that could be exploited to chown/chmod any file, thanks to Paul Szabo
       new  d3dd01d   Moved the generated catalina.policy file to /var/lib/tomcat8/policy
       new  1400dd2   Hardened the init.d script, thanks to Paul Szabo (Closes: #840685)
       new  d9ad420   Fixed CVE-2016-6794: System Property Disclosure
       new  4959553   Fixed CVE-2016-5018: Security Manager Bypass
       new  8515831   Fixed CVE-2016-6797: Unrestricted Access to Global Resources
       new  c030a7c   Fixed CVE-2016-6796: Security Manager Bypass
       new  d62e614   Fixed CVE-2016-0762: Timing Attack

The 8 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.


Summary of changes:
 debian/changelog                                   |  32 +++
 ...-java.security.policy-file-in-catalina.sh.patch |   6 +-
 debian/patches/CVE-2016-0762.patch                 |  28 +++
 debian/patches/CVE-2016-5018.patch                 | 102 +++++++++
 debian/patches/CVE-2016-6794.patch                 | 137 ++++++++++++
 debian/patches/CVE-2016-6796.patch                 |  81 +++++++
 debian/patches/CVE-2016-6797.patch                 | 244 +++++++++++++++++++++
 debian/patches/series                              |   5 +
 debian/tomcat8.init                                |  11 +-
 debian/tomcat8.postrm.in                           |   1 +
 10 files changed, 640 insertions(+), 7 deletions(-)
 create mode 100644 debian/patches/CVE-2016-0762.patch
 create mode 100644 debian/patches/CVE-2016-5018.patch
 create mode 100644 debian/patches/CVE-2016-6794.patch
 create mode 100644 debian/patches/CVE-2016-6796.patch
 create mode 100644 debian/patches/CVE-2016-6797.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/tomcat8.git



More information about the pkg-java-commits mailing list