Bug 918696

Summary: www-servers/tomcat-{8.5.96,9.0.83,10.1.16}: please stabilize (security: CVE-2023-46589 Apache Tomcat - Request Smuggling)
Product: Gentoo Linux Reporter: Miroslav Šulc <fordfrog>
Component: Stabilization Assignee: Java team <java>
Status: RESOLVED FIXED    
Severity: normal Keywords: CC-ARCHES, SECURITY, STABLEREQ
Priority: Normal Flags: nattka: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
www-servers/tomcat-8.5.96 www-servers/tomcat-9.0.83 www-servers/tomcat-10.1.16
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 918700    

Description Miroslav Šulc gentoo-dev 2023-11-28 15:34:49 UTC
commit a3e20bde7d51d047f9716618686fcbd0a67ece41
Author: Miroslav Šulc <fordfrog@gentoo.org>
Date:   Wed Nov 15 14:07:55 2023 +0100

    www-servers/tomcat: bump to 8.5.96
    
    Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>

commit 02820b8d422e76a66f8e1d3ee72691f490c42ba7
Author: Miroslav Šulc <fordfrog@gentoo.org>
Date:   Wed Nov 15 14:01:51 2023 +0100

    www-servers/tomcat: bump to 9.0.83
    
    Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>

commit 3ad30aad7990debfb69aecc0258597971ae8fd27
Author: Miroslav Šulc <fordfrog@gentoo.org>
Date:   Wed Nov 15 13:54:18 2023 +0100

    www-servers/tomcat: bump to 10.1.16
    
    Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-11-28 19:17:50 UTC
amd64 done

all arches done
Comment 2 Larry the Git Cow gentoo-dev 2023-11-28 19:22:09 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=41e79b6cbfc1c5cecca19531d6af0bead808b71f

commit 41e79b6cbfc1c5cecca19531d6af0bead808b71f
Author:     Miroslav Šulc <fordfrog@gentoo.org>
AuthorDate: 2023-11-28 19:21:55 +0000
Commit:     Miroslav Šulc <fordfrog@gentoo.org>
CommitDate: 2023-11-28 19:21:55 +0000

    www-servers/tomcat: dropped obsolete 8.5.95-r1, 9.0.82 & 10.1.15 (security)
    
    Bug: https://bugs.gentoo.org/918696
    Bug: https://bugs.gentoo.org/918700
    Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>

 www-servers/tomcat/Manifest                |   7 --
 www-servers/tomcat/tomcat-10.1.15.ebuild   | 181 -----------------------------
 www-servers/tomcat/tomcat-8.5.95-r1.ebuild | 157 -------------------------
 www-servers/tomcat/tomcat-9.0.82.ebuild    | 180 ----------------------------
 4 files changed, 525 deletions(-)