Le 23/11/2016 à 17:06, Arne Nordmark a écrit : > Yet another data point: > > I rebuilt 7.0.56-3+deb8u5 with CVE-2016-6797.patch deleted, and again > the problem goes away.
Would you be able to rebuild with this version of the ResourceLinkFactory class and see if it works better? https://raw.githubusercontent.com/apache/tomcat70/TOMCAT_7_0_73/java/org/apache/naming/factory/ResourceLinkFactory.java __ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use [email protected] for discussions and questions.
