[Bug 1115053] Re: Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10

Jamie Strandboge jamie at ubuntu.com
Mon Mar 11 20:20:45 UTC 2013


Thanks for reworking this. This is quite the patch set! :)

I can confirm that it runs the testsuite with no added failures or errors. Comparing the buildlogs also looks good. In reviewing these:
CVE-2011-3375.patch - ACK
CVE-2011-3376.patch - ACK
CVE-2012-0022.patch - ACK (had some whitespace changes, but ok)
CVE-2012-2733.patch - ACK
CVE-2012-3439.patch - not all commits are mentioned in the patch
CVE-2012-3546.patch - ACK
CVE-2012-4431.patch - ACK
CVE-2012-4534.patch - ACK

Can you comment more on CVE-2012-3439.patch? I compared it to upstream's
http://svn.apache.org/viewvc?view=rev&rev=1377807 as per your DEP-3
comments, but there were quite a few changes. You mentioned that you
"Cherrypicked changes in TesterDigestAuthenticatorPerformance.java to
adapt to the changes made in the other files since test cases for 7.0.30
are completely different to the one in 7.0.21", which is fine, but those
cherrypicked commits should also be listed.

Thanks for all your hard work on this. We're close! :)

https://bugs.launchpad.net/bugs/1115053