Bug#845425: DataSource no longer accessible since jessie security update
Emmanuel Bourg
ebourg at apache.org
Thu Dec 8 00:25:37 UTC 2016
Le 7/12/2016 à 20:16, Arne Nordmark a écrit :
> OK. I first built 7.0.56-3+deb8u5 as distributed, installed, and
> verified that your example works but not my webapp. Then I added the
> loop to validateGlobalResourceAccess() (patch attached), reinstalled
> libtomcat7-java, restarted tomcat7, and verified that both webapps now work.
>
> Thanks for your patience,
Thanks a lot for the tests Arne. We are basically missing the commit
1763236 [1] that added the recursion through the classloader hierarchy.
This commit wasn't documented as related to CVE-2016-6797. I'll add it
in the next update. The tomcat8 package is also affected.
Emmanuel Bourg
[1] https://svn.apache.org/r1763236
More information about the pkg-java-maintainers
mailing list