Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > linux.debian.maint.java > #9142
| From | Emmanuel Bourg <ebourg@apache.org> |
|---|---|
| Newsgroups | linux.debian.maint.java |
| Subject | Re: Tomcat 8 security update |
| Date | 2016-05-30 01:10 +0200 |
| Message-ID | <rEi0h-4tt-1@gated-at.bofh.it> (permalink) |
| References | <rEhdU-3M0-21@gated-at.bofh.it> |
| Organization | linux.* mail to news gateway |
Le 30/05/2016 à 00:12, Markus Koschany a écrit : > I have prepared a security update for Tomcat 8 fixing 7 CVEs. In > addition I would like to fix #825786. We currently overwrite file > permissions in /etc/tomcat8/ unconditionally which could break user > specific changes on upgrade. The fix is to revert to default file > permissions root:root (rw-r-r) and change only > /etc/tomcat8/tomcat-users.xml. Thank you for fixing the CVEs Markus, I was about to handle them. Regarding #825786 I'm not sure about the suggested fix. Tomcat has to be able to write to /etc/tomcat8/Catalina and the group change will prevent that (the postinst script runs chmod 775 on /etc/tomcat8/Catalina). Emmanuel Bourg
Back to linux.debian.maint.java | Previous | Next — Previous in thread | Next in thread | Find similar
Tomcat 8 security update Markus Koschany <apo@debian.org> - 2016-05-30 00:20 +0200
Re: Tomcat 8 security update Emmanuel Bourg <ebourg@apache.org> - 2016-05-30 01:10 +0200
Re: Tomcat 8 security update Markus Koschany <apo@debian.org> - 2016-05-30 01:30 +0200
Re: Tomcat 8 security update Emmanuel Bourg <ebourg@apache.org> - 2016-05-30 08:50 +0200
Re: Tomcat 8 security update Moritz Muehlenhoff <jmm@inutil.org> - 2016-05-30 09:00 +0200
csiph-web