Description

A vulnerability has been reported in Apache Tomcat, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to the application not properly enforcing "@ServletSecurity" annotations when loading servlets. This can be exploited to e.g. bypass the security constraints specified via the annotations and disclose certain information.

The vulnerability is reported in versions 7.0.0 through 7.0.10.

Solution

Incompletely fixed in version 7.0.10. As a workaround, update to version 7.0.10 and specify at least one security constraint in web.xml.

http://secunia.com/advisories/43684/
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.11_(released_11_Mar_2011)
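A defender-side check for the workaround described in the advisory above, as an added example that is not part of the original report or of Tomcat: given an installed Tomcat version and a web.xml, it reports whether the deployment falls in the affected range and whether both parts of the workaround are in place. The function names, status strings and the two sample web.xml documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Version range and workaround version exactly as stated in the advisory.
AFFECTED_MIN = (7, 0, 0)
AFFECTED_MAX = (7, 0, 10)
WORKAROUND_VERSION = (7, 0, 10)

# Constructed sample: app relying only on @ServletSecurity, no constraint in web.xml.
WEB_XML_ANNOTATION_ONLY = (
    '<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">'
    "<display-name>example-app</display-name>"
    "</web-app>"
)

# Constructed sample: same app with one explicit constraint (path and role are hypothetical).
WEB_XML_WITH_CONSTRAINT = (
    '<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">'
    "<security-constraint>"
    "<web-resource-collection>"
    "<web-resource-name>reports</web-resource-name>"
    "<url-pattern>/reports/*</url-pattern>"
    "</web-resource-collection>"
    "<auth-constraint><role-name>auditor</role-name></auth-constraint>"
    "</security-constraint>"
    "</web-app>"
)

def parse_version(text):
    """Turn a dotted release string such as '7.0.10' into a comparable tuple."""
    return tuple(int(part) for part in text.strip().split("."))

def count_security_constraints(web_xml):
    """Count <security-constraint> elements, ignoring the XML namespace prefix."""
    root = ET.fromstring(web_xml)
    return sum(1 for el in root.iter() if el.tag.rsplit("}", 1)[-1] == "security-constraint")

def assess(version_text, web_xml):
    """Classify a deployment against the advisory (status names are hypothetical)."""
    version = parse_version(version_text)
    if not (AFFECTED_MIN <= version <= AFFECTED_MAX):
        return "not-affected"
    # The workaround needs both parts: 7.0.10 and at least one web.xml constraint.
    if version == WORKAROUND_VERSION and count_security_constraints(web_xml) > 0:
        return "workaround-applied"
    return "affected"

if __name__ == "__main__":
    for ver, doc in [("7.0.8", WEB_XML_WITH_CONSTRAINT), ("7.0.10", WEB_XML_ANNOTATION_ONLY),
                     ("7.0.10", WEB_XML_WITH_CONSTRAINT), ("7.0.11", WEB_XML_ANNOTATION_ONLY)]:
        print(ver, assess(ver, doc))
```

A web.xml constraint on a release older than 7.0.10 is still reported as affected, because the advisory's workaround requires the update as well.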
Maintainers, this vulnerability is for tomcat-7.x only. Could you just remove vulnerable 7.x ebuilds from the tree? Thank you.
Done, only 7.0.11 left in tree.
Thanks, but next time please don't close the bug.