[ubuntu/trusty-security] tomcat7 7.0.52-1ubuntu0.14 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Wed May 30 17:35:31 UTC 2018
tomcat7 (7.0.52-1ubuntu0.14) trusty-security; urgency=medium
* SECURITY UPDATE: missing checks when HTTP PUTs enabled (LP: #1721749)
- debian/patches/CVE-2017-1261x.patch: add checks to
java/org/apache/catalina/servlets/DefaultServlet.java
java/org/apache/naming/resources/FileDirContext.java,
java/org/apache/naming/resources/JrePlatform.java,
java/org/apache/naming/resources/LocalStrings.properties,
java/org/apache/naming/resources/VirtualDirContext.java,
test/org/apache/naming/resources/TestFileDirContext.java.
- CVE-2017-12616
- CVE-2017-12617
* SECURITY UPDATE: security constraints mapped to context root are ignored
- debian/patches/CVE-2018-1304.patch: add check to
java/org/apache/catalina/realm/RealmBase.java.
- CVE-2018-1304
* SECURITY UPDATE: security constraint annotations applied too late
- debian/patches/CVE-2018-1305.patch: change ordering in
java/org/apache/catalina/Wrapper.java,
java/org/apache/catalina/authenticator/AuthenticatorBase.java,
java/org/apache/catalina/core/ApplicationContext.java,
java/org/apache/catalina/core/ApplicationServletRegistration.java,
java/org/apache/catalina/core/StandardContext.java,
java/org/apache/catalina/core/StandardWrapper.java,
java/org/apache/catalina/startup/ContextConfig.java,
java/org/apache/catalina/startup/Tomcat.java,
java/org/apache/catalina/startup/WebAnnotationSet.java.
- CVE-2018-1305
* SECURITY UPDATE: CORS filter has insecure defaults
- debian/patches/CVE-2018-8014.patch: change defaults in
java/org/apache/catalina/filters/CorsFilter.java,
java/org/apache/catalina/filters/LocalStrings.properties,
test/org/apache/catalina/filters/TestCorsFilter.java,
test/org/apache/catalina/filters/TesterFilterConfigs.java.
- CVE-2018-8014
Date: 2018-05-30 11:23:13.002263+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/tomcat7/7.0.52-1ubuntu0.14
-------------- next part --------------
Sorry, changesfile not available.
More information about the Trusty-changes
mailing list