Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > linux.debian.maint.java > #11550
| Path | csiph.com!aioe.org!bofh.it!news.nic.it!robomod |
|---|---|
| From | Markus Koschany <apo@debian.org> |
| Newsgroups | linux.debian.maint.java |
| Subject | Re: Changes to get tomcat8 security fixes into Debian 9? |
| Date | Fri, 06 Mar 2020 00:40:01 +0100 |
| Message-ID | <zH8fT-8S-5@gated-at.bofh.it> (permalink) |
| References | <zGUcW-87O-5@gated-at.bofh.it> |
| X-Mailbox-Line | From debian-java-request@lists.debian.org Thu Mar 5 23:31:56 2020 |
| Old-Return-Path | <apo@debian.org> |
| X-Amavis-Spam-Status | No, score=-12 tagged_above=-10000 required=5.3 tests=[BAYES_00=-2, LDO_WHITELIST=-5, PGPSIGNATURE=-5] autolearn=ham autolearn_force=no |
| X-Policyd-Weight | using cached result; rate:hard: -4.6 |
| X-Greylist | delayed 406 seconds by postgrey-1.36 at bendel; Thu, 05 Mar 2020 23:31:45 UTC |
| MIME-Version | 1.0 |
| Content-Type | multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="V7cnHFtIX3fpfLvak0M7MIDux72zviPik" |
| Authentication-Results | ORIGINATING; auth=pass smtp.auth=apo@gambaru.de smtp.mailfrom=apo@debian.org |
| X-Mailing-List | <debian-java@lists.debian.org> archive/latest/22113 |
| List-ID | <debian-java.lists.debian.org> |
| List-URL | <https://lists.debian.org/debian-java/> |
| List-Archive | https://lists.debian.org/msgid-search/3599459e-7758-5682-6ba6-96e91355924f@debian.org |
| Approved | robomod@news.nic.it |
| Lines | 62 |
| Organization | linux.* mail to news gateway |
| Sender | robomod@news.nic.it |
| X-Original-Date | Fri, 6 Mar 2020 00:24:56 +0100 |
| X-Original-Message-ID | <3599459e-7758-5682-6ba6-96e91355924f@debian.org> |
| X-Original-References | <20200305083442.GL14082@an3as.eu> |
| Xref | csiph.com linux.debian.maint.java:11550 |
Show key headers only | View raw
[Multipart message — attachments visible in raw view] - view raw
Hi Andreas, Am 05.03.20 um 09:34 schrieb Andreas Tille: > Hi, > > I was wondering, whether there is a chance to get CVE-2020-1938 fixed in > Tomcat8 in Stretch? If the chances are low possibly backporting Tomcat9 > to stretch-backports-sloppy would be a feasible way to go for me. What > would you recomment? I intend to fix tomcat8 in Stretch soon. I hope to fix tomcat9 in Buster too but wouldn't mind if someone beat me to it. Please note that the AJP connector is disabled by default in Debian and one may argue that only those users who use it with untrusted services (not recommended) are really affected. The fix might require some minor updates to your configuration. Regards, Markus
Back to linux.debian.maint.java | Previous | Next — Previous in thread | Next in thread | Find similar | Unroll thread
Changes to get tomcat8 security fixes into Debian 9? Andreas Tille <andreas@an3as.eu> - 2020-03-05 09:40 +0100
Re: Changes to get tomcat8 security fixes into Debian 9? Markus Koschany <apo@debian.org> - 2020-03-06 00:40 +0100
Re: Changes to get tomcat8 security fixes into Debian 9? Andreas Tille <andreas@an3as.eu> - 2020-03-06 15:20 +0100
Re: Changes to get tomcat8 security fixes into Debian 9? Andreas Tille <andreas@an3as.eu> - 2020-04-28 11:00 +0200
Re: Changes to get tomcat8 security fixes into Debian 9? Markus Koschany <apo@debian.org> - 2020-04-28 15:10 +0200
Re: Changes to get tomcat8 security fixes into Debian 9? Thorsten Glaser <t.glaser@tarent.de> - 2020-03-06 15:50 +0100
csiph-web