Please backport tomcat7 7.0.42 (main) from saucy/debian to precise [and tomcat-native] to fix serious CVE reports
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Precise Backports | Won't Fix | Undecided | Unassigned |
tomcat7 (Ubuntu) | Won't Fix | High | Unassigned |
Bug Description
Please backport tomcat7 7.0.30-0ubuntu1 (main) from raring to precise.
Reason for the backport:
=======
Currently tomcat7 on precise is 7.0.26 (see linked CVE)
quantal is providing 7.0.30 (see some of the linked CVE)
raring is providing 7.0.34
In my opinion it would be good to have the most current tomcat7 version also in precise-backports.
The goal should be providing the latest tomcat7 stable release also via backports in the LTS release of ubuntu.
In addition the old version is affected by some security issues.
The number of fixes is still impressive :-)
https:/
NOTE: In tomcat 7.0.34 the APR library has changed. To satisfy the runtime dependency, tomcat-native should also be backported.
Testing:
========
Mark off items in the checklist [X] as you test them, but please leave the checklist so that backporters can quickly evaluate the state of testing.
You can test-build the backport in your PPA with backportpackage:
$ backportpackage -u ppa:<lp username>/<ppa name> -s raring -d precise tomcat7
--> see ppa:dirk-
* precise:
[X] Package builds without modification
[X] tomcat7-common installs cleanly and runs
[X] libservlet3.0-java installs cleanly and runs
[X] tomcat7-docs installs cleanly and runs
[X] libservlet3.
[X] tomcat7 installs cleanly and runs
[X] libtomcat7-java installs cleanly and runs
[X] tomcat7-user installs cleanly and runs
[X] tomcat7-admin installs cleanly and runs
[X] tomcat7-examples installs cleanly and runs
Reverse dependencies:
=======
The following reverse-
tomcat7-common
--------------
libservlet3.0-java
------------------
* libjtharness-java
[ ] precise (Reverse-Depends)
* jtharness
[ ] precise (Reverse-
tomcat7-docs
------------
libservlet3.
-------
tomcat7
-------
libtomcat7-java
---------------
tomcat7-user
------------
tomcat7-admin
-------------
tomcat7-examples
----------------
tags: | added: precise |
summary: |
- tomcat7 7.0.30 (or newer) should be backported to precise + Please backport tomcat7 7.0.30-0ubuntu1 (main) from raring |
description: | updated |
affects: | tomcat7 (Ubuntu) → precise-backports |
tags: | removed: precise |
Changed in precise-backports: | |
status: | New → Confirmed |
tags: | added: quantal |
description: | updated |
summary: |
Please backport tomcat7 7.0.34 (main) from raring to precise (and - quantal) [and tomcat-native] + quantal) [and tomcat-native] to fix serious CVE reports |
Changed in quantal-backports: | |
status: | New → Confirmed |
Changed in tomcat7 (Ubuntu): | |
status: | New → Confirmed |
importance: | Undecided → High |
tags: | removed: quantal |
affects: | raring-backports → ubuntu |
no longer affects: | ubuntu |
affects: | quantal-backports → ubuntu |
no longer affects: | ubuntu |
summary: |
- Please backport tomcat7 7.0.42 (main) from saucy/debian to precise (and - quantal) [and tomcat-native] to fix serious CVE reports + Please backport tomcat7 7.0.42 (main) from saucy/debian to precise [and + tomcat-native] to fix serious CVE reports |
Changed in precise-backports: | |
status: | Confirmed → Won't Fix |
Tomcat7 is a Java application with isolated dependencies. So there shouldn't be any real changes needed to adapt the quantal/raring packages to precise.