Hi Markus, On Sat, Feb 18, 2017 at 07:53:33PM +0100, Markus Koschany wrote: > On 18.02.2017 13:21, Salvatore Bonaccorso wrote: > [...] > > No problem. Thanks for noticing, can you let us know as usual when you > > have a debdiff ready for the regression update? > > > > I tend to see this as regression update for the previous DSA, so no > > need for a new CVE id. But let me know if someone thinks otherwise and > > I can followup with MITRE. > > > > Thanks for your coninous work, > > I agree this is a regression update. Please find attached the debdiffs > for Tomcat 7 and Tomcat 8.
Sorry for the delay (due to various circumstances). The fix looks sane to me. Assuming the fix could have been tested as well, please do upload to security-master. Regards and thanks for your work, Salvatore __ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.