Summary: | <www-servers/tomcat-{8.5.58, 9.0.38}: HTTP/2 connection confusion (CVE-2020-13943) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | fordfrog, java |
Priority: | Normal | Flags: | nattka: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [noglsa] | ||
Package list: |
www-servers/tomcat-8.5.58 amd64
dev-java/tomcat-servlet-api-8.5.58
dev-java/tomcat-servlet-api-9.0.38 amd64 x86
|
Runtime testing required: | --- |
Description
Sam James
Sanity check failed:
> www-servers/tomcat-8.5.58
> depend amd64 stable profile default/linux/amd64/17.0 (28 total)
> ~dev-java/tomcat-servlet-api-8.5.58:3.1
> depend amd64 dev profile default/linux/amd64/17.0/no-multilib/prefix/kernel-3.2+ (2 total)
> ~dev-java/tomcat-servlet-api-8.5.58:3.1
> rdepend amd64 stable profile default/linux/amd64/17.0 (28 total)
> ~dev-java/tomcat-servlet-api-8.5.58:3.1
> rdepend amd64 dev profile default/linux/amd64/17.0/no-multilib/prefix/kernel-3.2+ (2 total)
> ~dev-java/tomcat-servlet-api-8.5.58:3.1
it's time to stabilize anyway so i'm reusing this bug.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=45d6f8a13613202f3ea5856d4323aead7031e717

commit 45d6f8a13613202f3ea5856d4323aead7031e717
Author: Miroslav Šulc <fordfrog@gentoo.org>
AuthorDate: 2020-10-16 07:28:13 +0000
Commit: Miroslav Šulc <fordfrog@gentoo.org>
CommitDate: 2020-10-16 07:28:13 +0000

www-servers/tomcat: removed old and vulnerable 9.0.37-r1

Bug: https://bugs.gentoo.org/747970
Package-Manager: Portage-3.0.8, Repoman-3.0.1
Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>

www-servers/tomcat/Manifest | 1 -
www-servers/tomcat/tomcat-9.0.37-r1.ebuild | 187 -----------------------------
2 files changed, 188 deletions(-)

Thanks :)

x86 stable

ppc64 stable

amd64 done

all arches done

amd64 done

all arches done

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0dd49a07f535a2880f54d39fc3d87e86572a47a2

commit 0dd49a07f535a2880f54d39fc3d87e86572a47a2
Author: Miroslav Šulc <fordfrog@gentoo.org>
AuthorDate: 2020-11-01 17:00:34 +0000
Commit: Miroslav Šulc <fordfrog@gentoo.org>
CommitDate: 2020-11-01 17:00:47 +0000

www-servers/tomcat: removed vulnerable 8.5.57-r1

Bug: https://bugs.gentoo.org/747970
Package-Manager: Portage-3.0.8, Repoman-3.0.2
Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>

www-servers/tomcat/Manifest | 1 -
www-servers/tomcat/tomcat-8.5.57-r1.ebuild | 163 -----------------------------
2 files changed, 164 deletions(-)

we're clean now, you can proceed :-)

(In reply to Miroslav Šulc from comment #10)
> we're clean now, you can proceed :-)

Thanks! |