Bug#851304: Bug#854551: Bug#851304: tomcat8 use 100% cpu time

On 20.02.2017 17:45, Salvatore Bonaccorso wrote: [...] > Sorry for the delay (due to various circumstances). The fix looks sane > to me. Assuming the fix could have been tested as well, please do > upload to security-master. > Hi, no problem. I have just uploaded both packages to

Bug#851304: Bug#854551: Bug#851304: tomcat8 use 100% cpu time

Hi Markus, On Sat, Feb 18, 2017 at 07:53:33PM +0100, Markus Koschany wrote: > On 18.02.2017 13:21, Salvatore Bonaccorso wrote: > [...] > > No problem. Thanks for noticing, can you let us know as usual when you > > have a debdiff ready for the regression update? > > > > I tend to see this as

Bug#854551: Bug#851304: tomcat8 use 100% cpu time

On 18.02.2017 13:21, Salvatore Bonaccorso wrote: [...] > No problem. Thanks for noticing, can you let us know as usual when you > have a debdiff ready for the regression update? > > I tend to see this as regression update for the previous DSA, so no > need for a new CVE id. But let me know if

Bug#851304: tomcat8 use 100% cpu time

Hi Markus, On Fri, Feb 17, 2017 at 10:19:18PM +0100, Markus Koschany wrote: > On 17.02.2017 22:09, Salvatore Bonaccorso wrote: > > Hi Markus, hi Emmanuel, > > > > On Mon, Feb 13, 2017 at 10:48:20AM +0100, Markus Koschany wrote: > >> On 13.02.2017 08:34, Moritz Mühlenhoff wrote: > >>> On Sun, Feb

Bug#851304: tomcat8 use 100% cpu time

On 17.02.2017 22:09, Salvatore Bonaccorso wrote: > Hi Markus, hi Emmanuel, > > On Mon, Feb 13, 2017 at 10:48:20AM +0100, Markus Koschany wrote: >> On 13.02.2017 08:34, Moritz Mühlenhoff wrote: >>> On Sun, Feb 12, 2017 at 09:38:31PM +0100, Markus Koschany wrote: Hi, a bug was

Bug#854551: Bug#851304: tomcat8 use 100% cpu time

Hi Markus, hi Emmanuel, On Mon, Feb 13, 2017 at 10:48:20AM +0100, Markus Koschany wrote: > On 13.02.2017 08:34, Moritz Mühlenhoff wrote: > > On Sun, Feb 12, 2017 at 09:38:31PM +0100, Markus Koschany wrote: > >> Hi, > >> > >> a bug was reported against tomcat8 and tomcat7 in Jessie and it seems >

Bug#851304: tomcat8 use 100% cpu time

I tried the updated package and it work well. RickLinux Original Message From:Markus Koschany Sent:Thu, 09 Feb 2017 20:28:53 -0500 To:linux...@gmail.com,k...@juplo.de Cc:851...@bugs.debian.org Subject:Re: tomcat8 use 100% cpu time >Hello, > >thank you for

Bug#854551: Bug#851304: tomcat8 use 100% cpu time

On 13.02.2017 08:34, Moritz Mühlenhoff wrote: > On Sun, Feb 12, 2017 at 09:38:31PM +0100, Markus Koschany wrote: >> Hi, >> >> a bug was reported against tomcat8 and tomcat7 in Jessie and it seems >> the issue is related to our latest security updates. We would like to >> address this regression as

Bug#854551: Bug#851304: tomcat8 use 100% cpu time

On Sun, Feb 12, 2017 at 09:38:31PM +0100, Markus Koschany wrote: > Hi, > > a bug was reported against tomcat8 and tomcat7 in Jessie and it seems > the issue is related to our latest security updates. We would like to > address this regression as soon as possible because this one can be >

Bug#851304: tomcat8 use 100% cpu time

Hi, a bug was reported against tomcat8 and tomcat7 in Jessie and it seems the issue is related to our latest security updates. We would like to address this regression as soon as possible because this one can be triggered remotely and cause a denial-of-service. I have attached the debdiffs for

Bug#851304: tomcat8 use 100% cpu time

On 12.02.2017 11:24, Kai Moritz wrote: > Hi Markus, > > > I installed the updated packages (in my case only: libtomcat8-java, > tomcat8-common and tomcat8) on three different servers. My private one, > that serves only my own little projects, a test-server and a redundant > production server at

Bug#851304: tomcat8 use 100% cpu time

Hi Markus, I installed the updated packages (in my case only: libtomcat8-java, tomcat8-common and tomcat8) on three different servers. My private one, that serves only my own little projects, a test-server and a redundant production server at work. It looks like they fix the reported issue

Bug#851304: tomcat8 use 100% cpu time

I will give it a try as soon as possible. I would be glad to help RickLinux On Feb 9, 2017 8:28 PM, "Markus Koschany" wrote: > Hello, > > thank you for reporting this bug. We think we have found a solution for > this issue. I have uploaded new binary packages of Tomcat 8 for

Bug#851304: tomcat8 use 100% cpu time

Hello, thank you for reporting this bug. We think we have found a solution for this issue. I have uploaded new binary packages of Tomcat 8 for Debian Jessie to [1] and a debdiff in case you prefer to build the package from source. We would appreciate it if you could test those packages and tell

Bug#851304: tomcat8 use 100% cpu time

Le 8/02/2017 à 15:52, Markus Koschany a écrit : > it appears that Tomcat 7 and 8 in Jessie and Wheezy are affected by this > bug. Are you still working on it or shall I prepare updates for > -security based on the upstream patch from > >

Bug#851304: tomcat8 use 100% cpu time - confirmation

Looks like this is the proposed upstream fix: https://github.com/apache/tomcat80/commit/614e7f78aecc429d8740bb59900c2f9fbc86a788#diff-2aeb244142da5fcb78a54e23f717fcd2 signature.asc Description: OpenPGP digital signature __ This is the maintainer address of Debian's Java team

Bug#851304: tomcat8 use 100% cpu time - confirmation

Control: forwarded -1 https://bz.apache.org/bugzilla/show_bug.cgi?id=60578 I am marking this bug as forwarded in case someone is wondering about the current progress. Apparently Emmanuel is already working on an update. signature.asc Description: OpenPGP digital signature __ This is the

Bug#851304: tomcat8 use 100% cpu time - confirmation

Dear Maintainer, I can confirm the observations of RickLinux. I have observed the exact same behaviour on several debian-hosts, that are running Jessie with the version 8.0.14-1+deb8u6 of the tomcat-packages (and also u4 and u5). In my case, the effect is triggered by scans, that hit the

Bug#851304: tomcat8 use 100% cpu time

Package: tomcat8 Version: 8.0.14-1+deb8u6 Severity: important Dear Maintainer, I noticed a bump in CPU load up to 100% per CPU. It appear from tomcat8-8.0.14-1+deb8u4 and up. Here how to create the bug. http://localhost:8080, no problem. https://localhost:8443, no problem (need to create a