Bug 76917 - www-servers/tomcat: XSS issue
Bug#: 76917
Product: Gentoo Security
Version: unspecified
Platform: All
OS/Version: All
Status: RESOLVED
Severity: minor
Priority: P2
Resolution: FIXED
Assigned To: security@gentoo.org
Reported By: jaervosz@gentoo.org
Component: Vulnerabilities
URL: http://www.oliverkarow.de/research/jakarta556_xss.txt
Summary: www-servers/tomcat: XSS issue
Keywords:
Status Whiteboard: C4 [noglsa]
Opened: 2005-01-06 09:42 0000

I'm not sure whether this affects our specific Linux versions but filing a bug
to be sure.
java team, can you confirm?
I can confirm that it works with 5.5.6-alpha1 (not in portage yet) and with the
tomcat-5.0.27-r4 ebuild (latest stable in portage), after adding the "manager"
role to the "tomcat" user in $CATALINA_HOME/conf/tomcat-users.xml
I can't say if the patch works because I failed to apply it, though this is
probably my fault.
It's small but should nevertheless be fixed...
patch fixed gentoo and committed,
will be on mirrors soon.
bumped to servletapi-2.4-r1
ppc64: please test and mark servletapi-2.4-r1 stable