Hello,
CVE-2012-4431 has already been fixed in the 12.04 LTS tomcat7 packages; see the changelog at https://launchpad.net/ubuntu/+source/tomcat7/7.0.26-1ubuntu1.2 for details, but in part:
- debian/patches/0015-CVE-2012-4431.patch: Fix for bypass of CSRF prevention
filter. Based on upstream patch.
Our vulnerability database shows there are three vulnerabilities for tomcat7 in 12.04 LTS at the moment: CVE-2012-3544, CVE-2013-2067, CVE-2013-2071. You can find more information on these vulnerabilities at: http://people.canonical.com/~ubuntu-security/cve/pkg/tomcat7.html
Because tomcat7 is in universe in 12.04 LTS, it is maintained by the community. If you are able to prepare a debdiff to fix these issues, the security team will be happy to sponsor the package. (This is how the fix for CVE-2012-4431 was released to 12.04 LTS in March; one of our users prepared and tested the package.)
I'm closing this as "invalid" because this specific security issue has been fixed.
Thank you