Summary: | <www-servers/tomcat-{7.0.79, 8.0.45}: Apache Tomcat Cache Poisoning (CVE-2017-7674) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | D'juan McDonald (domhnall) <flopwiki> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | java |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bz.apache.org/bugzilla/show_bug.cgi?id=61101 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: |
www-servers/tomcat-7.0.79
www-servers/tomcat-8.0.45
dev-java/tomcat-servlet-api-7.0.79
dev-java/tomcat-servlet-api-8.0.45
|
Runtime testing required: | No |
Description
D'juan McDonald (domhnall)
2017-08-11 04:16:34 UTC
@security, @maintainer(s), please call for stabilization and/or follow procedure to close on report. Thank You. Daj'Uan (mbailey_J) Gentoo Security Scout i stabilized slots 7 a 8 on amd64: commit acbf4a912e859f8a7361d419544fde06ca45462e (HEAD -> master, origin/master, origin/HEAD) Author: Miroslav Šulc <fordfrog@gentoo.org> Date: Tue Aug 22 20:24:42 2017 +0200 www-servers/tomcat: marked stable amd64 per bug #627514 Package-Manager: Portage-2.3.8, Repoman-2.3.3 www-servers/tomcat/tomcat-7.0.79.ebuild | 2 +- www-servers/tomcat/tomcat-8.0.45.ebuild | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit 720ce827120c44680530f02f912f50d1482badf5 Author: Miroslav Šulc <fordfrog@gentoo.org> Date: Tue Aug 22 20:23:40 2017 +0200 dev-java/tomcat-servlet-api: marked stable amd64 per bug #627514 Package-Manager: Portage-2.3.8, Repoman-2.3.3 dev-java/tomcat-servlet-api/tomcat-servlet-api-7.0.79.ebuild | 2 +- dev-java/tomcat-servlet-api/tomcat-servlet-api-8.0.45.ebuild | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) but i don't have access to x86 machine though i suppose it should work aswell. @fordfrog, thank you... @arches, please test to stabilize, thank you. @Security, please follow procedure to close on report, thank you. x86 stable i've just removed the old affected versions from the tree: commit 55b14158b82577af855f072f5120628b6d4db2de (HEAD -> master, origin/master, origin/HEAD) Author: Miroslav Šulc <fordfrog@gentoo.org> Date: Sun Sep 10 08:24:24 2017 +0200 dev-java/tomcat-servlet-api: removed old versions Package-Manager: Portage-2.3.8, Repoman-2.3.3 dev-java/tomcat-servlet-api/Manifest dev-java/tomcat-servlet-api/tomcat-servlet-api-7.0.77.ebuild dev-java/tomcat-servlet-api/tomcat-servlet-api-8.0.43.ebuild commit 96b634bd2d58335c66299b60325ec5d70f608b6f Author: Miroslav Šulc <fordfrog@gentoo.org> Date: Sun Sep 10 08:20:46 2017 +0200 www-servers/tomcat: removed old security affected versions Package-Manager: Portage-2.3.8, Repoman-2.3.3 www-servers/tomcat/Manifest www-servers/tomcat/files/tomcat-7.0.77-build.xml.patch www-servers/tomcat/files/tomcat-8.0.43-build.xml.patch www-servers/tomcat/tomcat-7.0.77.ebuild www-servers/tomcat/tomcat-8.0.43.ebuild Maintainer(s), Thank you for your work. GLSA Vote: No Thank you all for you work. Closing as [noglsa]. |