This is an automated email from the git hooks/post-receive script. ebourg-guest pushed a commit to branch wheezy in repository tomcat7.
commit 3404ea4badb09b7afe99f0cb18213a968b78bb70 Author: Emmanuel Bourg <[email protected]> Date: Mon Feb 17 16:24:32 2014 +0100 Fix CVE-2013-2071: Information disclosure --- debian/changelog | 3 ++ debian/patches/0020-CVE-2013-2071.patch | 62 +++++++++++++++++++++++++++++++++ debian/patches/series | 1 + 3 files changed, 66 insertions(+) diff --git a/debian/changelog b/debian/changelog index f89b688..a497314 100644 --- a/debian/changelog +++ b/debian/changelog @@ -8,6 +8,9 @@ tomcat7 (7.0.28-4+deb7u1) wheezy-security; urgency=high a request for an authenticated resource while the victim is completing the login form, an attacker could inject a request that would be executed using the victim's credentials. + * Fix for CVE-2013-2071: A runtime exception in AsyncListener.onComplete() + prevents the request from being recycled. This may expose elements of a + previous request to a current request. -- Emmanuel Bourg <[email protected]> Sun, 09 Feb 2014 01:09:12 +0100 diff --git a/debian/patches/0020-CVE-2013-2071.patch b/debian/patches/0020-CVE-2013-2071.patch new file mode 100644 index 0000000..856e863 --- /dev/null +++ b/debian/patches/0020-CVE-2013-2071.patch 
@@ -0,0 +1,62 @@
+Description: Fix for CVE-2013-2071: A runtime exception in AsyncListener.onComplete()
+ prevents the request from being recycled. This may expose elements of a previous
+ request to a current request.
+Origin: backport from Tomcat 7.0.40, http://svn.apache.org/r1471372
+Bug: https://issues.apache.org/bugzilla/show_bug.cgi?id=54178
+--- a/java/org/apache/catalina/core/AsyncContextImpl.java
++++ b/java/org/apache/catalina/core/AsyncContextImpl.java
+@@ -98,9 +98,10 @@ public class AsyncContextImpl implements
+ for (AsyncListenerWrapper listener : listenersCopy) {
+ try {
+ listener.fireOnComplete(event);
+- } catch (IOException ioe) {
++ } catch (Throwable t) {
++ ExceptionUtils.handleThrowable(t);
+ log.warn("onComplete() failed for listener of type [" +
+- listener.getClass().getName() + "]", ioe);
++ listener.getClass().getName() + "]", t);
+ }
+ }
+ }
+@@ -115,7 +116,13 @@ public class AsyncContextImpl implements
+ new ArrayList<AsyncListenerWrapper>();
+ listenersCopy.addAll(listeners);
+ for (AsyncListenerWrapper listener : listenersCopy) {
+- listener.fireOnTimeout(event);
++ try {
++ listener.fireOnTimeout(event);
++ } catch (Throwable t) {
++ ExceptionUtils.handleThrowable(t);
++ log.warn("onTimeout() failed for listener of type [" +
++ listener.getClass().getName() + "]", t);
+ }
+ listenerInvoked = true;
+ }
+ if (listenerInvoked) {
+@@ -294,9 +301,10 @@ public class AsyncContextImpl implements
+ for (AsyncListenerWrapper listener : listenersCopy) {
+ try {
+ listener.fireOnStartAsync(event);
+- } catch (IOException ioe) {
++ } catch (Throwable t) {
++ ExceptionUtils.handleThrowable(t);
+ log.warn("onStartAsync() failed for listener of type [" +
+- listener.getClass().getName() + "]", ioe);
++ listener.getClass().getName() + "]", t);
+ }
+ }
+ listeners.clear();
+@@ -357,9 +365,10 @@ public class AsyncContextImpl implements
+ for (AsyncListenerWrapper listener : listenersCopy) {
+ try {
+ listener.fireOnError(errorEvent);
+- } catch (IOException ioe) {
+- log.warn("onStartAsync() failed for listener of type [" +
+- listener.getClass().getName() + "]", ioe);
++ } catch (Throwable t2) {
++ ExceptionUtils.handleThrowable(t);
++ log.warn("onError() failed for listener of type [" +
++ listener.getClass().getName() + "]", t2);
+ }
+ }
+ }
diff --git a/debian/patches/series b/debian/patches/series
index 49e83e1..e4650e5 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -15,3 +15,4 @@ cve-2012-3439-tests.patch
0017-CVE-2012-3546.patch
0018-CVE-2014-0050.patch
0019-CVE-2013-2067.patch
+0020-CVE-2013-2071.patch
-- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/tomcat7.git _______________________________________________ pkg-java-commits mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-commits
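Review bot: In the last nested hunk (the `fireOnError` catch block, `@@ -357,9 +365,10 @@`) the new line `ExceptionUtils.handleThrowable(t);` is passed the outer `t` rather than the caught `t2`, so a fatal throwable raised by a listener's `onError()` would be logged and swallowed instead of rethrown, while the check is re-run on whatever `t` the enclosing method — which starts outside the hunk — already holds; the other three hunks pass the caught variable. The line should read `ExceptionUtils.handleThrowable(t2);`. The backport adds no import hunk, so if the 7.0.28 `AsyncContextImpl.java` does not already import `org.apache.tomcat.util.ExceptionUtils` the patched tree will not compile. In the `onTimeout()` hunk the `}` closing the new catch block appears as a context line, yet the `@@ -115,7 +116,13 @@` counts require it to be an added line; this is probably a mail-rendering artifact, but it is worth confirming that the patch file applies cleanly.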

