[ubuntu/artful-updates] tomcat8 8.5.21-1ubuntu1.1 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Wed May 30 19:58:20 UTC 2018
tomcat8 (8.5.21-1ubuntu1.1) artful-security; urgency=medium
* SECURITY UPDATE: missing checks when HTTP PUTs enabled (LP: #1721749)
- debian/patches/CVE-2017-12617.patch: add checks to
java/org/apache/catalina/servlets/DefaultServlet.java,
java/org/apache/catalina/webresources/AbstractFileResourceSet.java,
java/org/apache/catalina/webresources/DirResourceSet.java,
java/org/apache/tomcat/util/compat/JrePlatform.java,
test/org/apache/catalina/webresources/AbstractTestResourceSet.java,
test/org/apache/catalina/webresources/TestAbstractFileResourceSetPerformance.java.
- CVE-2017-12617
* SECURITY UPDATE: incorrectly documented CGI search algorithm
- debian/patches/CVE-2017-15706.patch: adjust documentation in
webapps/docs/cgi-howto.xml.
- CVE-2017-15706
* SECURITY UPDATE: security constraints mapped to context root are ignored
- debian/patches/CVE-2018-1304.patch: add check to
java/org/apache/catalina/realm/RealmBase.java.
- CVE-2018-1304
* SECURITY UPDATE: security constraint annotations applied too late
- debian/patches/CVE-2018-1305.patch: change ordering in
java/org/apache/catalina/Wrapper.java,
java/org/apache/catalina/authenticator/AuthenticatorBase.java,
java/org/apache/catalina/core/ApplicationContext.java,
java/org/apache/catalina/core/ApplicationServletRegistration.java,
java/org/apache/catalina/core/StandardContext.java,
java/org/apache/catalina/core/StandardWrapper.java,
java/org/apache/catalina/startup/ContextConfig.java,
java/org/apache/catalina/startup/Tomcat.java,
java/org/apache/catalina/startup/WebAnnotationSet.java.
- CVE-2018-1305
* SECURITY UPDATE: CORS filter has insecure defaults
- debian/patches/CVE-2018-8014.patch: change defaults in
java/org/apache/catalina/filters/CorsFilter.java,
java/org/apache/catalina/filters/LocalStrings.properties,
test/org/apache/catalina/filters/TestCorsFilter.java,
test/org/apache/catalina/filters/TesterFilterConfigs.java.
- CVE-2018-8014
Date: 2018-05-29 14:00:32.814359+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/tomcat8/8.5.21-1ubuntu1.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Artful-changes
mailing list