This bug was fixed in the package tomcat7 - 7.0.52-1ubuntu0.7
---------------
tomcat7 (7.0.52-1ubuntu0.7) trusty-security; urgency=medium
* SECURITY UPDATE: privilege escalation via insecure init script
- debian/tomcat7.init: don't follow symlinks when handling the
catalina.out file.
- CVE-2016-1240
* SECURITY REGRESSION: change in behaviour after security update
(LP: #1609819)
- debian/patches/CVE-2015-5345-2.patch: fix using the new
mapperContextRootRedirectEnabled option in
java/org/apache/catalina/connector/MapperListener.java, change
mapperContextRootRedirectEnabled default to true in
java/org/apache/catalina/core/StandardContext.java,
webapps/docs/config/context.xml. This reverts the change in behaviour
following the CVE-2015-5345 security update and was also done
upstream in later releases.
-- Marc Deslauriers <[email protected]> Fri, 16 Sep 2016
09:19:37 -0400
** Changed in: tomcat7 (Ubuntu Trusty)
Status: Confirmed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-5345
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-1240
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1609819
Title:
CVE-2015-5345 patch issue on tomcat7
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tomcat7/+bug/1609819/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
