Re: Tomcat 7 security update

From Florian Weimer <fw@deneb.enyo.de>
Newsgroups linux.debian.maint.java
Subject Re: Tomcat 7 security update
Date Sat, 16 Apr 2016 16:50:02 +0200


* Markus Koschany:

> Am 28.03.2016 um 18:07 schrieb Markus Koschany:
>> [first e-mail failed, attachment is compressed now]
>> 
>> Hello Security Team, hello Java Team
>> 
>> I have prepared security updates for Tomcat 7 fixing 9 CVEs in Wheezy
>> and 7 CVEs in Jessie.
>
> Hi,
>
> since I haven't heard anything negative about the security update for
> Tomcat7 so far, I'm hereby sending you the final debdiffs for Wheezy and
> Jessie.
>
> After further investigation into the test failures I'm convinced now
> that they are unrelated to the update because they also occur with the
> current version and it seems they can be traced back to an update of
> OpenJDK 7. According to [1] the error is caused by stricter checking of
> values in cookie names. The error message is:
>
> Illegal character(s) in message header field: Cookie:

Yes, the test appears to be broken.

I found this upstream commit:

------------------------------------------------------------------------
r1715547 | fschumacher | 2015-11-21 18:54:14 +0100 (Sat, 21 Nov 2015) | 4 lines

Don't add ":" to cookie name. It is illegal in newer jre.

Merge from r1715544 /tomcat/tc8.0.x/trunk

Packaging-wise, the changes look okay.  Could you please upload?

Thanks,
Florian
