Summary: | <www-servers/tomcat-{8.5.84,9.0.69,10.1.2}: JsonErrorReportValve injection | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | fordfrog, java |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://lists.apache.org/thread/yqkd183xrw3wqvnpcg3osbcryq85fkzj | ||
Whiteboard: | B4 [glsa+] | ||
Package list: | Runtime testing required: | --- |
Description
John Helmert III
2023-01-03 20:44:26 UTC
Is 10.0 affected? The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2451ac41755ade568c777ea96ed6714fdbce8061 commit 2451ac41755ade568c777ea96ed6714fdbce8061 Author: Miroslav Šulc <fordfrog@gentoo.org> AuthorDate: 2023-01-04 08:05:21 +0000 Commit: Miroslav Šulc <fordfrog@gentoo.org> CommitDate: 2023-01-04 08:05:21 +0000 www-servers/tomcat: dropped eol'd tomcat 10 https://tomcat.apache.org/tomcat-10.0-eol.html Bug: https://bugs.gentoo.org/889596 Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org> www-servers/tomcat/Manifest | 1 - .../tomcat-10.0.16-build.xml-strip-html5.patch | 31 -- .../tomcat/files/tomcat-10.0.26-build.xml.patch | 347 --------------------- www-servers/tomcat/tomcat-10.0.27.ebuild | 202 ------------ 4 files changed, 581 deletions(-) we're clean now. tomcat 10 has been already eol'd, that's why it's missing from the report i guess. Thanks! GLSA request filed. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=a8b85191c046076a4e4d12c8541d49e1473aaa66 commit a8b85191c046076a4e4d12c8541d49e1473aaa66 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2023-05-30 03:03:08 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2023-05-30 03:05:04 +0000 [ GLSA 202305-37 ] Apache Tomcat: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/878911 Bug: https://bugs.gentoo.org/889596 Bug: https://bugs.gentoo.org/896370 Bug: https://bugs.gentoo.org/907387 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202305-37.xml | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) GLSA released, all done! The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=023c3018165ffad6f1f6a874561e1c3c555cb505 commit 023c3018165ffad6f1f6a874561e1c3c555cb505 Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2023-05-31 02:20:03 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2023-05-31 02:20:25 +0000 [ GLSA 202305-37 ] fix versions, add other slots Bug: https://bugs.gentoo.org/878911 Bug: https://bugs.gentoo.org/889596 Bug: https://bugs.gentoo.org/896370 Bug: https://bugs.gentoo.org/907387 Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202305-37.xml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) |