Tomcat 8 security update

To: "team@security.debian.org" <team@security.debian.org>
Cc: "debian-java@lists.debian.org" <debian-java@lists.debian.org>
Subject: Tomcat 8 security update
From: Markus Koschany <apo@debian.org>
Date: Mon, 30 May 2016 00:12:18 +0200
Message-id: <[🔎] 0ff46564-4292-c688-61fe-aa885f69c70d@debian.org>

Hi,

I have prepared a security update for Tomcat 8 fixing 7 CVEs. In
addition I would like to fix #825786. We currently overwrite file
permissions in /etc/tomcat8/ unconditionally which could break user
specific changes on upgrade. The fix is to revert to default file
permissions root:root (rw-r-r) and change only
/etc/tomcat8/tomcat-users.xml.

Regards,

Markus

Attachment: tomcat8.debdiff.gz
Description: application/gzip

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

Follow-Ups:
- Re: Tomcat 8 security update
  - From: Emmanuel Bourg <ebourg@apache.org>

Prev by Date: Bug#825571: ITP: tiles-request -- Tiles Request Framework
Next by Date: Re: Tomcat 8 security update
Previous by thread: Bug#825571: ITP: tiles-request -- Tiles Request Framework
Next by thread: Re: Tomcat 8 security update
Index(es):
- Date
- Thread