Bug#845425: Tomcat security update

Markus Koschany apo at debian.org
Sat Nov 26 16:00:58 UTC 2016


On 22.11.2016 11:17, Emmanuel Bourg wrote:
> Three more CVEs have just been announced, a bit more serious this time:
>  CVE-2016-6816 Apache Tomcat Information Disclosure
>  CVE-2016-8735 Apache Tomcat Remote Code Execution
>  CVE-2016-6817 Apache Tomcat Denial of Service
> 
> I'll prepare the stable and jessie-backports updates for tomcat7 and
> tomcat8 today. testing/unstable already have the fixed versions.
> 

Hi,

I have pushed the updates for Wheezy, which is only affected by
CVE-2016-6816 and CVE-2016-8735. Could you isolate the bug in
CVE-2016-6797.patch? What exactly was missing from ResourceLinkFactory.java?

Regards,

Markus

