[tomcat8] branch jessie updated (7110c89 -> d62e614)
Emmanuel Bourg
ebourg-guest at moszumanska.debian.org
Sat Nov 12 01:15:32 UTC 2016
This is an automated email from the git hooks/post-receive script.
ebourg-guest pushed a change to branch jessie
in repository tomcat8.
from 7110c89 Release 8.0.14-1+deb8u3
new f54e32e Fixed a race condition in tomcat8.init that could be exploited to chown/chmod any file, thanks to Paul Szabo
new d3dd01d Moved the generated catalina.policy file to /var/lib/tomcat8/policy
new 1400dd2 Hardened the init.d script, thanks to Paul Szabo (Closes: #840685)
new d9ad420 Fixed CVE-2016-6794: System Property Disclosure
new 4959553 Fixed CVE-2016-5018: Security Manager Bypass
new 8515831 Fixed CVE-2016-6797: Unrestricted Access to Global Resources
new c030a7c Fixed CVE-2016-6796: Security Manager Bypass
new d62e614 Fixed CVE-2016-0762: Timing Attack
The 8 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.
Summary of changes:
debian/changelog | 32 +++
...-java.security.policy-file-in-catalina.sh.patch | 6 +-
debian/patches/CVE-2016-0762.patch | 28 +++
debian/patches/CVE-2016-5018.patch | 102 +++++++++
debian/patches/CVE-2016-6794.patch | 137 ++++++++++++
debian/patches/CVE-2016-6796.patch | 81 +++++++
debian/patches/CVE-2016-6797.patch | 244 +++++++++++++++++++++
debian/patches/series | 5 +
debian/tomcat8.init | 11 +-
debian/tomcat8.postrm.in | 1 +
10 files changed, 640 insertions(+), 7 deletions(-)
create mode 100644 debian/patches/CVE-2016-0762.patch
create mode 100644 debian/patches/CVE-2016-5018.patch
create mode 100644 debian/patches/CVE-2016-6794.patch
create mode 100644 debian/patches/CVE-2016-6796.patch
create mode 100644 debian/patches/CVE-2016-6797.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/tomcat8.git
More information about the pkg-java-commits
mailing list