[ubuntu/trusty-security] tomcat7 7.0.52-1ubuntu0.15 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Wed Jul 25 16:58:36 UTC 2018


tomcat7 (7.0.52-1ubuntu0.15) trusty-security; urgency=medium

  * SECURITY UPDATE: DoS via issue in UTF-8 decoder
    - debian/patches/CVE-2018-1336.patch: fix logic in
      java/org/apache/tomcat/util/buf/Utf8Decoder.java.
    - CVE-2018-1336
  * SECURITY UPDATE: missing hostname verification in WebSocket client
    - debian/patches/CVE-2018-8034.patch: enable hostname verification by
      default in webapps/docs/web-socket-howto.xml,
      java/org/apache/tomcat/websocket/WsWebSocketContainer.java.
    - CVE-2018-8034

Date: 2018-07-25 14:13:12.959811+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/tomcat7/7.0.52-1ubuntu0.15
-------------- next part --------------
Sorry, changesfile not available.


More information about the Trusty-changes mailing list