Please sync package tomcat7 (7.0.35-1~exp2ubuntu1) from Raring Dist to Precise Dist
Bug #1197151 reported by
Arya Goudarzi
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Ubuntu |
Invalid
|
Undecided
|
Unassigned | ||
Bug Description
The Precise dist has a version of tomcat7 that has this security vulnerability:
http://
We would like to have tomcat7.0.35 at least which is already built in Raring distro. Is it possible to make this available in Precise?
Thanks,
-Arya
| information type: | Private Security → Public Security |
Revision history for this message
| Seth Arnold (seth-arnold) wrote | #1 |
| Changed in ubuntu: | |
| status: | New → Invalid |
To post a comment you must log in.
Hello,
CVE-2012-4431 has already been fixed in the 12.04 LTS tomcat7 packages; see the changelog at https:/
- debian/
filter. Based on upstream patch.
Our vulnerability database shows there are three vulnerabilities for tomcat7 in 12.04 LTS at the moment: CVE-2012-3544, CVE-2013-2067, CVE-2013-2071. You can find more information on these vulnerabilities at: http://
Because tomcat7 is in universe in 12.04 LTS, it is maintained by the community. If you are able to prepare a debdiff to fix these issues, the security team will be happy to sponsor the package. (This is how the fix for CVE-2012-4431 was released to 12.04 LTS in March; one of our users prepared and tested the package.)
I'm closing this as "invalid" because this specific security issue has been fixed.
Thank you