-
tomcat7 (7.0.75-1) unstable; urgency=medium
* New upstream release
- Refreshed the patches
-- Emmanuel Bourg <email address hidden> Tue, 24 Jan 2017 13:13:38 +0100
-
tomcat7 (7.0.73-1) unstable; urgency=medium
* New upstream release
-- Emmanuel Bourg <email address hidden> Wed, 16 Nov 2016 10:53:00 +0100
-
tomcat7 (7.0.72-4) unstable; urgency=medium
* Depend on libcglib-nodep-java instead of libcglib3-java
-- Emmanuel Bourg <email address hidden> Mon, 07 Nov 2016 16:55:48 +0100
-
tomcat7 (7.0.72-3) unstable; urgency=medium
* Build only the Servlet API (Closes: #819259, #834680)
-- Emmanuel Bourg <email address hidden> Sat, 05 Nov 2016 22:57:29 +0100
-
tomcat7 (7.0.72-2) unstable; urgency=high
* Team upload.
* CVE-2016-1240 follow-up:
- The previous init.d fix was vulnerable to a race condition that could
be exploited to make any existing file writable by the tomcat user.
Thanks to Paul Szabo for the report and the fix.
- The catalina.policy file generated on startup was affected by a similar
vulnerability that could be exploited to overwrite any file on the system.
Thanks to Paul Szabo for the report.
* Hardened the init.d script, thanks to Paul Szabo
* Switch to debhelper level 10
-- Emmanuel Bourg <email address hidden> Fri, 28 Oct 2016 01:34:22 +0200
-
tomcat7 (7.0.72-1) unstable; urgency=medium
* New upstream release
-- Emmanuel Bourg <email address hidden> Tue, 20 Sep 2016 13:28:54 +0200
