@Security - checking past uploads and the package I've found that - since it is in universe there are no usual regular MREs. But there was a security upload for [1] and some former ones.
I've read through [2] and seen that there are a few low [3][4] and one medium [5] case open. And as reported that would also include [6]. Since the package isn't getting usual MREs (being n universe) but has got MRE bumps for security reasons I wanted to ask if you'd consider doing that again? OTOH .39 to .61 also sounds like quite some regression risk so I'd absolutely understand a simple "no" as answer. There are more recent versions in newer Ubuntu release, but only of tomcat9 and later, not tomcat8. I subscribed ubuntu-security for an answer to my question - it felt wrong to "assign" you as that is your call to make. [1]: https://ubuntu.com/security/CVE-2019-10072 [2]: https://tomcat.apache.org/tomcat-8.5-doc/changelog.html [3]: https://ubuntu.com/security/cve-2019-17563 [4]: https://ubuntu.com/security/CVE-2019-0232 [5]: https://ubuntu.com/security/CVE-2019-12418 [6]: https://ubuntu.com/security/cve-2020-1938 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-0232 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-10072 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-12418 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1865904 Title: Needs updated to Tomcat 8.5.51 for GhostCat bug fixes To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tomcat8/+bug/1865904/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
