Comment 1 Thierry Carrez (RETIRED) 2005-01-07 05:37:05 UTC

java team, can you confirm ?

Comment 2 Stefan Cornelius (RETIRED) 2005-01-17 06:52:16 UTC

I can confirm that it works with 5.5.6-alpha1 (not in portage yet) and with the tomcat-5.0.27-r4 ebuild (latest stable in portage), after adding the "manager" role to the "tomcat" user in  $CATALINA_HOME/conf/tomcat-users.xml

I can't say if the patch works because I failed to apply it, though this is probably my fault.

Comment 3 Thierry Carrez (RETIRED) 2005-01-17 07:33:06 UTC

Thanks Stefan for verifying.

Java team, please test and patch ebuild with provided patch : 
http://www.mail-archive.com/tomcat-dev@jakarta.apache.org/msg66978.html

This is really small (XSS needing authentication) so no GLSA needed.

Comment 4 Thierry Carrez (RETIRED) 2005-01-25 08:13:41 UTC

It's small but should nevertheless be fixed...

Comment 5 Jochen Maes (RETIRED) 2005-02-04 06:47:10 UTC

trying to fix the bugger

Comment 6 Jochen Maes (RETIRED) 2005-02-04 06:55:00 UTC

patch fixed gentoo and committed, 

will be on mirrors soon.

bumped to servletapi-2.4-r1

Comment 7 Thierry Carrez (RETIRED) 2005-02-04 07:36:03 UTC

ppc64: please test and mark servletapi-2.4-r1 stable

Comment 8 Markus Rothe (RETIRED) 2005-02-06 01:11:50 UTC

stable on ppc64

Comment 9 Thierry Carrez (RETIRED) 2005-02-06 09:11:10 UTC

Closed without GLSA