tomcat7 (7.0.52-1ubuntu0.15) trusty-security; urgency=medium
* SECURITY UPDATE: DoS via issue in UTF-8 decoder
- debian/patches/CVE-2018-1336.patch: fix logic in
java/org/apache/tomcat/util/buf/Utf8Decoder.java.
- CVE-2018-1336
* SECURITY UPDATE: missing hostname verification in WebSocket client
- debian/patches/CVE-2018-8034.patch: enable hostname verification by
default in webapps/docs/web-socket-howto.xml,
java/org/apache/tomcat/websocket/WsWebSocketContainer.java.
- CVE-2018-8034
Date: 2018-07-25 14:13:12.959811+00:00
Changed-By: Marc Deslauriers <[email protected]>
Signed-By: Ubuntu Archive Robot
<[email protected]>
https://launchpad.net/ubuntu/+source/tomcat7/7.0.52-1ubuntu0.15
Sorry, changesfile not available.
--
Trusty-changes mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/trusty-changes
