subject:"\[Bug 1721749\] Re\: Security Fix \- CVE\-2017\-12617"

[Bug 1721749] Re: Security Fix - CVE-2017-12617

2021-01-08 Thread Mathew Hodson

tomcat7 (7.0.52-1ubuntu0.14) trusty-security; urgency=medium

  * SECURITY UPDATE: missing checks when HTTP PUTs enabled (LP: #1721749)
- debian/patches/CVE-2017-1261x.patch: add checks to
  java/org/apache/catalina/servlets/DefaultServlet.java
  java/org/apache/naming/resources/FileDirContext.java,
  java/org/apache/naming/resources/JrePlatform.java,
  java/org/apache/naming/resources/LocalStrings.properties,
  java/org/apache/naming/resources/VirtualDirContext.java,
  test/org/apache/naming/resources/TestFileDirContext.java.
- CVE-2017-12616
- CVE-2017-12617
  * SECURITY UPDATE: security constraints mapped to context root are ignored
- debian/patches/CVE-2018-1304.patch: add check to
  java/org/apache/catalina/realm/RealmBase.java.
- CVE-2018-1304
  * SECURITY UPDATE: security constraint annotations applied too late
- debian/patches/CVE-2018-1305.patch: change ordering in
  java/org/apache/catalina/Wrapper.java,
  java/org/apache/catalina/authenticator/AuthenticatorBase.java,
  java/org/apache/catalina/core/ApplicationContext.java,
  java/org/apache/catalina/core/ApplicationServletRegistration.java,
  java/org/apache/catalina/core/StandardContext.java,
  java/org/apache/catalina/core/StandardWrapper.java,
  java/org/apache/catalina/startup/ContextConfig.java,
  java/org/apache/catalina/startup/Tomcat.java,
  java/org/apache/catalina/startup/WebAnnotationSet.java.
- CVE-2018-1305
  * SECURITY UPDATE: CORS filter has insecure defaults
- debian/patches/CVE-2018-8014.patch: change defaults in
  java/org/apache/catalina/filters/CorsFilter.java,
  java/org/apache/catalina/filters/LocalStrings.properties,
  test/org/apache/catalina/filters/TestCorsFilter.java,
  test/org/apache/catalina/filters/TesterFilterConfigs.java.
- CVE-2018-8014

 -- Marc Deslauriers   Tue, 29 May 2018
10:22:42 -0400

** Also affects: tomcat7 (Ubuntu)
   Importance: Undecided
   Status: New

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-1261

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-12616

** Changed in: tomcat7 (Ubuntu Trusty)
   Status: New => Fix Released

** No longer affects: tomcat8 (Ubuntu Trusty)

** Changed in: tomcat7 (Ubuntu Artful)
   Status: New => Won't Fix

** No longer affects: tomcat7 (Ubuntu)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1721749

Title:
  Security Fix - CVE-2017-12617

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tomcat8/+bug/1721749/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1721749] Re: Security Fix - CVE-2017-12617

2018-05-30 Thread Launchpad Bug Tracker

This bug was fixed in the package tomcat8 - 8.0.32-1ubuntu1.6

---
tomcat8 (8.0.32-1ubuntu1.6) xenial-security; urgency=medium

  * SECURITY UPDATE: missing checks when HTTP PUTs enabled (LP: #1721749)
- debian/patches/CVE-2017-12617.patch: add checks to
  java/org/apache/catalina/servlets/DefaultServlet.java,
  java/org/apache/catalina/webresources/AbstractFileResourceSet.java,
  java/org/apache/catalina/webresources/DirResourceSet.java,
  java/org/apache/tomcat/util/compat/JrePlatform.java,
  test/org/apache/catalina/webresources/AbstractTestResourceSet.java,
  
test/org/apache/catalina/webresources/TestAbstractFileResourceSetPerformance.java.
- CVE-2017-12617
  * SECURITY UPDATE: security constraints mapped to context root are ignored
- debian/patches/CVE-2018-1304.patch: add check to
  java/org/apache/catalina/realm/RealmBase.java.
- CVE-2018-1304
  * SECURITY UPDATE: security constraint annotations applied too late
- debian/patches/CVE-2018-1305.patch: change ordering in
  java/org/apache/catalina/Wrapper.java,
  java/org/apache/catalina/authenticator/AuthenticatorBase.java,
  java/org/apache/catalina/core/ApplicationContext.java,
  java/org/apache/catalina/core/ApplicationServletRegistration.java,
  java/org/apache/catalina/core/StandardContext.java,
  java/org/apache/catalina/core/StandardWrapper.java,
  java/org/apache/catalina/startup/ContextConfig.java,
  java/org/apache/catalina/startup/Tomcat.java,
  java/org/apache/catalina/startup/WebAnnotationSet.java.
- CVE-2018-1305
  * SECURITY UPDATE: CORS filter has insecure defaults
- debian/patches/CVE-2018-8014.patch: change defaults in
  java/org/apache/catalina/filters/CorsFilter.java,
  java/org/apache/catalina/filters/LocalStrings.properties,
  test/org/apache/catalina/filters/TestCorsFilter.java,
  test/org/apache/catalina/filters/TesterFilterConfigs.java.
- CVE-2018-8014

 -- Marc Deslauriers   Mon, 28 May 2018
13:21:29 -0400

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1721749

Title:
  Security Fix - CVE-2017-12617

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tomcat8/+bug/1721749/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1721749] Re: Security Fix - CVE-2017-12617

2018-05-30 Thread Launchpad Bug Tracker

This bug was fixed in the package tomcat8 - 8.5.21-1ubuntu1.1

---
tomcat8 (8.5.21-1ubuntu1.1) artful-security; urgency=medium

  * SECURITY UPDATE: missing checks when HTTP PUTs enabled (LP: #1721749)
- debian/patches/CVE-2017-12617.patch: add checks to
  java/org/apache/catalina/servlets/DefaultServlet.java,
  java/org/apache/catalina/webresources/AbstractFileResourceSet.java,
  java/org/apache/catalina/webresources/DirResourceSet.java,
  java/org/apache/tomcat/util/compat/JrePlatform.java,
  test/org/apache/catalina/webresources/AbstractTestResourceSet.java,
  
test/org/apache/catalina/webresources/TestAbstractFileResourceSetPerformance.java.
- CVE-2017-12617
  * SECURITY UPDATE: incorrectly documented CGI search algorithm
- debian/patches/CVE-2017-15706.patch: adjust documentation in
  webapps/docs/cgi-howto.xml.
- CVE-2017-15706
  * SECURITY UPDATE: security constraints mapped to context root are ignored
- debian/patches/CVE-2018-1304.patch: add check to
  java/org/apache/catalina/realm/RealmBase.java.
- CVE-2018-1304
  * SECURITY UPDATE: security constraint annotations applied too late
- debian/patches/CVE-2018-1305.patch: change ordering in
  java/org/apache/catalina/Wrapper.java,
  java/org/apache/catalina/authenticator/AuthenticatorBase.java,
  java/org/apache/catalina/core/ApplicationContext.java,
  java/org/apache/catalina/core/ApplicationServletRegistration.java,
  java/org/apache/catalina/core/StandardContext.java,
  java/org/apache/catalina/core/StandardWrapper.java,
  java/org/apache/catalina/startup/ContextConfig.java,
  java/org/apache/catalina/startup/Tomcat.java,
  java/org/apache/catalina/startup/WebAnnotationSet.java.
- CVE-2018-1305
  * SECURITY UPDATE: CORS filter has insecure defaults
- debian/patches/CVE-2018-8014.patch: change defaults in
  java/org/apache/catalina/filters/CorsFilter.java,
  java/org/apache/catalina/filters/LocalStrings.properties,
  test/org/apache/catalina/filters/TestCorsFilter.java,
  test/org/apache/catalina/filters/TesterFilterConfigs.java.
- CVE-2018-8014

 -- Marc Deslauriers   Mon, 28 May 2018
09:03:55 -0400

** Changed in: tomcat8 (Ubuntu Artful)
   Status: New => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-15706

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1304

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1305

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-8014

** Changed in: tomcat8 (Ubuntu Xenial)
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1721749

Title:
  Security Fix - CVE-2017-12617

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tomcat8/+bug/1721749/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1721749] Re: Security Fix - CVE-2017-12617

2018-03-21 Thread Matthias Klose

fixed with 8.5.29-1 in bionic

** Also affects: tomcat8 (Ubuntu Artful)
   Importance: Undecided
   Status: New

** Also affects: tomcat8 (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Also affects: tomcat8 (Ubuntu Bionic)
   Importance: Undecided
   Status: Triaged

** Also affects: tomcat8 (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: tomcat8 (Ubuntu Bionic)
   Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1721749

Title:
  Security Fix - CVE-2017-12617

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tomcat8/+bug/1721749/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1721749] Re: Security Fix - CVE-2017-12617

2017-10-06 Thread Steve Beattie

** Changed in: tomcat8 (Ubuntu)
   Status: New => Triaged

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1721749

Title:
  Security Fix - CVE-2017-12617

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tomcat8/+bug/1721749/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1721749] Re: Security Fix - CVE-2017-12617

[Bug 1721749] Re: Security Fix - CVE-2017-12617

[Bug 1721749] Re: Security Fix - CVE-2017-12617

[Bug 1721749] Re: Security Fix - CVE-2017-12617

[Bug 1721749] Re: Security Fix - CVE-2017-12617

5 matches

Site Navigation

Mail list logo

Footer information