[Bug 1609819] Re: CVE-2015-5345 patch issue on tomcat7

2016-09-19 Thread Mathew Hodson 
** Changed in: tomcat7 (Ubuntu)
   Status: Invalid => Fix Released

** Changed in: tomcat7 (Ubuntu)
   Importance: Undecided => Medium

** Changed in: tomcat7 (Ubuntu Trusty)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1609819

Title:
  CVE-2015-5345 patch issue on tomcat7

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tomcat7/+bug/1609819/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1609819] Re: CVE-2015-5345 patch issue on tomcat7

2016-09-19 Thread Launchpad Bug Tracker 
This bug was fixed in the package tomcat7 - 7.0.52-1ubuntu0.7

---
tomcat7 (7.0.52-1ubuntu0.7) trusty-security; urgency=medium

  * SECURITY UPDATE: privilege escalation via insecure init script
- debian/tomcat7.init: don't follow symlinks when handling the
  catalina.out file.
- CVE-2016-1240
  * SECURITY REGRESSION: change in behaviour after security update
(LP: #1609819)
- debian/patches/CVE-2015-5345-2.patch: fix using the new
  mapperContextRootRedirectEnabled option in
  java/org/apache/catalina/connector/MapperListener.java, change
  mapperContextRootRedirectEnabled default to true in
  java/org/apache/catalina/core/StandardContext.java,
  webapps/docs/config/context.xml. This reverts the change in behaviour
  following the CVE-2015-5345 security update and was also done
  upstream in later releases.

 -- Marc Deslauriers   Fri, 16 Sep 2016
09:19:37 -0400

** Changed in: tomcat7 (Ubuntu Trusty)
   Status: Confirmed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-5345

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-1240

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1609819

Title:
  CVE-2015-5345 patch issue on tomcat7

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tomcat7/+bug/1609819/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1609819] Re: CVE-2015-5345 patch issue on tomcat7

2016-09-16 Thread Marc Deslauriers 
** Also affects: tomcat7 (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Changed in: tomcat7 (Ubuntu Trusty)
   Status: New => Confirmed

** Changed in: tomcat7 (Ubuntu Trusty)
 Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: tomcat7 (Ubuntu)
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1609819

Title:
  CVE-2015-5345 patch issue on tomcat7

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tomcat7/+bug/1609819/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1609819] Re: CVE-2015-5345 patch issue on tomcat7

2016-08-10 Thread Robie Basak 
** Information type changed from Public to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1609819

Title:
  CVE-2015-5345 patch issue on tomcat7

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tomcat7/+bug/1609819/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs