Please sync package tomcat7 (7.0.35-1~exp2ubuntu1) from Raring Dist to Precise Dist
Bug #1197151 reported by Arya Goudarzi
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Ubuntu | Invalid | Undecided | Unassigned |
Bug Description
The Precise dist has a version of tomcat7 that has this security vulnerability:
http://
We would like to have tomcat7.0.35 at least which is already built in Raring distro. Is it possible to make this available in Precise?
Thanks,
-Arya
information type: Private Security → Public Security
Hello,
CVE-2012-4431 has already been fixed in the 12.04 LTS tomcat7 packages; see the changelog at https://launchpad.net/ubuntu/+source/tomcat7/7.0.26-1ubuntu1.2 for details, but in part:
  - debian/patches/0015-CVE-2012-4431.patch: Fix for bypass of CSRF prevention
    filter. Based on upstream patch.
Our vulnerability database shows there are three vulnerabilities for tomcat7 in 12.04 LTS at the moment: CVE-2012-3544, CVE-2013-2067, CVE-2013-2071. You can find more information on these vulnerabilities at: http://people.canonical.com/~ubuntu-security/cve/pkg/tomcat7.html
Because tomcat7 is in universe in 12.04 LTS, it is maintained by the community. If you are able to prepare a debdiff to fix these issues, the security team will be happy to sponsor the package. (This is how the fix for CVE-2012-4431 was released to 12.04 LTS in March; one of our users prepared and tested the package.)
I'm closing this as "invalid" because this specific security issue has been fixed.
Thank you