[ubuntu/yakkety-proposed] tomcat7 7.0.70-3 (Accepted)
LocutusOfBorg
costamagnagianfranco at yahoo.it
Fri Sep 16 17:34:42 UTC 2016
tomcat7 (7.0.70-3) unstable; urgency=high
* Team upload.
* Fixed CVE-2016-1240: A flaw in the init.d startup script allows local
attackers who have gained access to the server in the context of the
tomcat user through a vulnerability in a web application to replace
the catalina.out file with a symlink to an arbitrary file on the system,
potentially leading to a root privilege escalation.
Thanks to Dawid Golunski for the report.
Date: 2016-09-16 10:28:43.200633+00:00
Changed-By: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
Signed-By: LocutusOfBorg <costamagnagianfranco at yahoo.it>
https://launchpad.net/ubuntu/+source/tomcat7/7.0.70-3
-------------- next part --------------
Sorry, changesfile not available.
More information about the Yakkety-changes
mailing list