tomcat8 8.0.38-2ubuntu2.2 source package in Ubuntu
Changelog
tomcat8 (8.0.38-2ubuntu2.2) zesty-security; urgency=medium
* SECURITY UPDATE: loss of pipeline requests
- debian/patches/CVE-2017-5647.patch: improve sendfile handling when
requests are pipelined in
java/org/apache/coyote/AbstractProtocol.java,
java/org/apache/coyote/http11/Http11AprProcessor.java,
java/org/apache/coyote/http11/Http11Nio2Processor.java,
java/org/apache/coyote/http11/Http11NioProcessor.java,
java/org/apache/tomcat/util/net/AprEndpoint.java,
java/org/apache/tomcat/util/net/Nio2Endpoint.java,
java/org/apache/tomcat/util/net/NioEndpoint.java,
java/org/apache/tomcat/util/net/SendfileKeepAliveState.java.
- CVE-2017-5647
* SECURITY UPDATE: incorrect facade object use
- debian/patches/CVE-2017-5648.patch: ensure request and response
facades are used when firing application listeners in
java/org/apache/catalina/authenticator/FormAuthenticator.java,
java/org/apache/catalina/core/StandardHostValve.java.
- CVE-2017-5648
* SECURITY UPDATE: unexpected and undesirable results for static error
pages
- debian/patches/CVE-2017-5664.patch: use a more reliable mechanism in
java/org/apache/catalina/servlets/DefaultServlet.java,
java/org/apache/catalina/servlets/WebdavServlet.java.
- CVE-2017-5664
* SECURITY UPDATE: client and server side cache poisoning in CORS filter
- debian/patches/CVE-2017-7674.patch: set Vary header in response in
java/org/apache/catalina/filters/CorsFilter.java.
- CVE-2017-7674
-- Marc Deslauriers <email address hidden> Wed, 27 Sep 2017 17:20:40 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Zesty
- Original maintainer:
- Ubuntu Developers
- Architectures:
- all
- Section:
- java
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| tomcat8_8.0.38.orig.tar.xz | 3.3 MiB | 1c5338c19fd15bc40ae5646a83525ce01b5dac5741f953bc4bb344b0fc4b64a6 |
| tomcat8_8.0.38-2ubuntu2.2.debian.tar.xz | 45.9 KiB | 866b37af1b0e8676e1f6f39315c91bcb791445910c5e859773b7e8b942d6a0ac |
| tomcat8_8.0.38-2ubuntu2.2.dsc | 3.0 KiB | 17ac00522cf47e7e2a22a9020120e48344f308937f6077dc73472f2389da9e68 |
Available diffs
Binary packages built by this source
- libservlet3.1-java: No summary available for libservlet3.1-java in ubuntu zesty.
No description available for libservlet3.1-java in ubuntu zesty.
- libservlet3.1-java-doc: No summary available for libservlet3.1-java-doc in ubuntu zesty.
No description available for libservlet3.
1-java- doc in ubuntu zesty.
- libtomcat8-embed-java: No summary available for libtomcat8-embed-java in ubuntu zesty.
No description available for libtomcat8-
embed-java in ubuntu zesty.
- libtomcat8-java: No summary available for libtomcat8-java in ubuntu zesty.
No description available for libtomcat8-java in ubuntu zesty.
- tomcat8: No summary available for tomcat8 in ubuntu zesty.
No description available for tomcat8 in ubuntu zesty.
- tomcat8-admin: No summary available for tomcat8-admin in ubuntu zesty.
No description available for tomcat8-admin in ubuntu zesty.
- tomcat8-common: No summary available for tomcat8-common in ubuntu zesty.
No description available for tomcat8-common in ubuntu zesty.
- tomcat8-docs: No summary available for tomcat8-docs in ubuntu zesty.
No description available for tomcat8-docs in ubuntu zesty.
- tomcat8-examples: No summary available for tomcat8-examples in ubuntu zesty.
No description available for tomcat8-examples in ubuntu zesty.
- tomcat8-user: No summary available for tomcat8-user in ubuntu zesty.
No description available for tomcat8-user in ubuntu zesty.
