Summary: | <www-servers/tomcat-{8.5.72,9.0.54,10.0.12}: DoS via memory leak | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | fordfrog, java |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://mail-archives.apache.org/mod_mbox/tomcat-announce/202110.mbox/browser | ||
Whiteboard: | B3 [glsa+] | ||
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 818163 | ||
Bug Blocks: |
Description
John Helmert III
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a50a82307a43905f0f663dfa0c3e7e024c875dac

commit a50a82307a43905f0f663dfa0c3e7e024c875dac
Author: Miroslav Šulc <fordfrog@gentoo.org>
AuthorDate: 2021-10-14 16:23:21 +0000
Commit: Miroslav Šulc <fordfrog@gentoo.org>
CommitDate: 2021-10-14 16:24:24 +0000

www-servers/tomcat: removed security affected versions

Bug: https://bugs.gentoo.org/818160
Package-Manager: Portage-3.0.28, Repoman-3.0.3
Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>

www-servers/tomcat/Manifest | 5 -
www-servers/tomcat/tomcat-10.0.10.ebuild | 192 -------------------------------
www-servers/tomcat/tomcat-10.0.11.ebuild | 192 -------------------------------
www-servers/tomcat/tomcat-8.5.71.ebuild | 159 -------------------------
www-servers/tomcat/tomcat-9.0.52.ebuild | 187 ------------------------------
www-servers/tomcat/tomcat-9.0.53.ebuild | 187 ------------------------------
6 files changed, 922 deletions(-)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=060de4ace6f2d732b38df20f2c871b860314c061

commit 060de4ace6f2d732b38df20f2c871b860314c061
Author: Miroslav Šulc <fordfrog@gentoo.org>
AuthorDate: 2021-10-14 18:08:09 +0000
Commit: Miroslav Šulc <fordfrog@gentoo.org>
CommitDate: 2021-10-14 18:08:09 +0000

www-servers/tomcat: removed security affected version

Bug: https://bugs.gentoo.org/818160
Package-Manager: Portage-3.0.28, Repoman-3.0.3
Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>

www-servers/tomcat/Manifest | 1 -
www-servers/tomcat/tomcat-8.5.70.ebuild | 159 --------------------------------
2 files changed, 160 deletions(-)

all affected versions are gone now. you can proceed. (the stabilization bug is still open, on purpose, as i also used it to stabilize related tomcat-servlet-api versions)

Thanks!

GLSA request filed

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=a4afff138b8507c9b0b4fdbebda4c8d1935d6238

commit a4afff138b8507c9b0b4fdbebda4c8d1935d6238
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-21 01:35:21 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2022-08-21 01:40:47 +0000

[ GLSA 202208-34 ] Apache Tomcat: Multiple Vulnerabilities

Bug: https://bugs.gentoo.org/773571
Bug: https://bugs.gentoo.org/801916
Bug: https://bugs.gentoo.org/818160
Bug: https://bugs.gentoo.org/855971
Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
Signed-off-by: John Helmert III <ajak@gentoo.org>

glsa-202208-34.xml | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 69 insertions(+)

GLSA released, all done!