Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > linux.debian.maint.java > #11585

Re: Changes to get tomcat8 security fixes into Debian 9?

From Andreas Tille <andreas@an3as.eu>
Newsgroups linux.debian.maint.java
Subject Re: Changes to get tomcat8 security fixes into Debian 9?
Date 2020-04-28 11:00 +0200
Message-ID <A0ufV-1fX-11@gated-at.bofh.it> (permalink)
References <zGUcW-87O-5@gated-at.bofh.it> <zH8fT-8S-5@gated-at.bofh.it> <zHlZw-pS-9@gated-at.bofh.it>
Organization linux.* mail to news gateway

Show all headers | View raw

On Fri, Mar 06, 2020 at 03:17:09PM +0100, Andreas Tille wrote:
> On Fri, Mar 06, 2020 at 12:24:56AM +0100, Markus Koschany wrote:
> > Hi Andreas,
> > 
> > Am 05.03.20 um 09:34 schrieb Andreas Tille:
> > > Hi,
> > > 
> > > I was wondering, whether there is a chance to get CVE-2020-1938 fixed in
> > > Tomcat8 in Stretch?  If the chances are low possibly backporting Tomcat9
> > > to stretch-backports-sloppy would be a feasible way to go for me.  What
> > > would you recomment?
> > 
> > I intend to fix tomcat8 in Stretch soon. I hope to fix tomcat9 in Buster
> > too but wouldn't mind if someone beat me to it.
> 
> I'd really welcome if you or anybody who might beat you would care for
> this.  I'm pretty sure that I will not put my incompetent hands on it if
> I know you will do this in a foreseable time frame.
>  
> > Please note that the AJP connector is disabled by default in Debian and
> > one may argue that only those users who use it with untrusted services
> > (not recommended) are really affected.
> 
> I've verified that this part of the configuration was not changed in our
> case.  Thanks a lot for the helpful hint
> 
>       Andreas.

Any news about the tomcat backport?

Kind regards

       Andreas. 

-- 
http://fam-tille.de

Back to linux.debian.maint.java | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

Changes to get tomcat8 security fixes into Debian 9? Andreas Tille <andreas@an3as.eu> - 2020-03-05 09:40 +0100
  Re: Changes to get tomcat8 security fixes into Debian 9? Markus Koschany <apo@debian.org> - 2020-03-06 00:40 +0100
    Re: Changes to get tomcat8 security fixes into Debian 9? Andreas Tille <andreas@an3as.eu> - 2020-03-06 15:20 +0100
      Re: Changes to get tomcat8 security fixes into Debian 9? Andreas Tille <andreas@an3as.eu> - 2020-04-28 11:00 +0200
        Re: Changes to get tomcat8 security fixes into Debian 9? Markus Koschany <apo@debian.org> - 2020-04-28 15:10 +0200
    Re: Changes to get tomcat8 security fixes into Debian 9? Thorsten Glaser <t.glaser@tarent.de> - 2020-03-06 15:50 +0100

csiph-web