Am 28.03.2016 um 18:07 schrieb Markus Koschany: > [first e-mail failed, attachment is compressed now] > > Hello Security Team, hello Java Team > > I have prepared security updates for Tomcat 7 fixing 9 CVEs in Wheezy > and 7 CVEs in Jessie. Hi, since I haven't heard anything negative about the security update for Tomcat7 so far, I'm hereby sending you the final debdiffs for Wheezy and Jessie. After further investigation into the test failures I'm convinced now that they are unrelated to the update because they also occur with the current version and it seems they can be traced back to an update of OpenJDK 7. According to [1] the error is caused by stricter checking of values in cookie names. The error message is: Illegal character(s) in message header field: Cookie: Double checking would be appreciated though. I didn't disable the tests completely but used DEB_BUILD_OPTIONS=nocheck, so it should be easy to verify this. My other usage tests went fine. Regards, Markus [1] http://tomcat.10.x6.nabble.com/VOTE-Release-Apache-Tomcat-8-0-29-td5042759.html
Attachment:
tomcat7_jessie.debdiff.gz
Description: application/gzip
Attachment:
tomcat7_wheezy.debdiff.gz
Description: application/gzip
Attachment:
signature.asc
Description: OpenPGP digital signature