2015-01-16 21:22 GMT+01:00 Mathieu Parent <[email protected]>: > 2015-01-09 10:47 GMT+01:00 PIERSON Jérémie > <[email protected]>: [...] >> Tomcat6 version 6.0.41-2+squeeze5 has a bug that one of our app triggers. [...] > I will try to issue a DLA, if I have enough time.
I attached the debdiff. Can anyone review? I will upload in 3 or 4 days. Regards -- Mathieu Parent
diff --git a/debian/changelog b/debian/changelog index 4718520..0191a85 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,13 @@ +tomcat6 (6.0.41-2+squeeze6) squeeze-lts; urgency=medium + + * Security upload by the Debian LTS team. + * This update fixes a regression: + - Fix for "NoSuchElementException when an attribute has empty string as + value." Reported upstream as + https://issues.apache.org/bugzilla/show_bug.cgi?id=56561 + + -- Mathieu Parent <[email protected]> Fri, 16 Jan 2015 21:34:40 +0100 + tomcat6 (6.0.41-2+squeeze5) squeeze-lts; urgency=medium * Security upload by the Debian LTS team. diff --git a/java/org/apache/jasper/compiler/Validator.java b/java/org/apache/jasper/compiler/Validator.java index 32bbed3..4dea4c8 100644 --- a/java/org/apache/jasper/compiler/Validator.java +++ b/java/org/apache/jasper/compiler/Validator.java @@ -1327,8 +1327,12 @@ class Validator { } else { // Get text with \$ and \# escaping removed. // Should be a single Text node - value = ((ELNode.Text) el.iterator().next()) - .getText(); + Iterator<ELNode> it = el.iterator(); + if (it.hasNext()) { + value = ((ELNode.Text) it.next()).getText(); + } else { + value = ""; + } el = null; } }
