tomcat7 (7.0.70-3) unstable; urgency=high
* Team upload.
* Fixed CVE-2016-1240: A flaw in the init.d startup script allows local
attackers who have gained access to the server in the context of the
tomcat user through a vulnerability in a web application to replace
the catalina.out file with a symlink to an arbitrary file on the system,
potentially leading to a root privilege escalation.
Thanks to Dawid Golunski for the report.
Date: 2016-09-16 10:28:43.200633+00:00
Changed-By: Debian Java Maintainers
<pkg-java-maintain...@lists.alioth.debian.org>
Signed-By: LocutusOfBorg <costamagnagianfra...@yahoo.it>
https://launchpad.net/ubuntu/+source/tomcat7/7.0.70-3
Sorry, changesfile not available.
--
Yakkety-changes mailing list
Yakkety-changes@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/yakkety-changes
