This is an automated email from the git hooks/post-receive script. apo pushed a commit to branch jessie in repository tomcat7.
commit edb8f7e1a4ed21cb1f54476a57cf5df29e7e7352 Author: Markus Koschany <[email protected]> Date: Sat Apr 16 09:14:52 2016 +0000 Update patch description for CVE-2015-5345.patch --- debian/patches/CVE-2015-5345.patch | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/debian/patches/CVE-2015-5345.patch b/debian/patches/CVE-2015-5345.patch index c298b6d..3d94c39 100644 --- a/debian/patches/CVE-2015-5345.patch +++ b/debian/patches/CVE-2015-5345.patch @@ -2,6 +2,13 @@ From: Markus Koschany <[email protected]> Date: Sun, 27 Mar 2016 20:37:30 +0200 Subject: CVE-2015-5345 +The Mapper component in Apache Tomcat processes redirects before considering +security constraints and Filters, which allows remote attackers to determine +the existence of a directory via a URL that lacks a trailing / (slash) +character. + +http://svn.apache.org/viewvc?view=revision&revision=1715213 +http://svn.apache.org/viewvc?view=revision&revision=1717212 --- .../catalina/authenticator/FormAuthenticator.java | 14 ++++++++ java/org/apache/catalina/core/StandardContext.java | 37 ++++++++++++++++++++-- -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/tomcat7.git _______________________________________________ pkg-java-commits mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-commits
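Review bot: The two svn.apache.org revision links at the end of the added description are bare URLs with no field label, so nothing in the header says whether they are the upstream commits this patch was taken from or just further reading. Consider writing each as a DEP-3 "Origin: upstream, <url>" line, or at least introducing them with a short phrase. The added text also describes the flaw (redirects processed before security constraints and Filters) but not what the patch changes in FormAuthenticator.java and StandardContext.java. One sentence on that would help anyone auditing the backport against the two upstream revisions.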

