tomcat7 needs update to 7.0.40
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
tomcat7 (Ubuntu) | Fix Released | Undecided | Unassigned |
Precise | Won't Fix | Undecided | Unassigned |
Quantal | Fix Released | Undecided | Unassigned |
Raring | Fix Released | Undecided | Unassigned |
Saucy | Fix Released | Undecided | Unassigned |
Bug Description
The new version has some more security fixes, which are not part of 7.0.34 (and .39).
Also a backport to precise [quantal, ...] is needed.
See announcement mail:
-------
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.40.
Apache Tomcat is an open source software implementation of the Java
Servlet, JavaServer Pages and Java Expression Language technologies.
This release contains a security fix and a number of bug fixes
and improvements compared to version 7.0.39. The notable changes include:
- A fix for CVE-2013-2071 (bug 54178) an information
disclosure issue.
- Various fixes to stop Tomcat attempting to parse text that looks like
an EL expression in a JSP document as an EL expression when EL
expressions are either not permitted or not enabled.
- Improved handling and reporting if a ConcurrentModif
occurs while checking for memory leaks when a web application is
being stopped.
Please refer to the change log for the complete list of changes:
http://
information type: Private Security → Public
description: updated
tags: added: precise quantal raring
Changed in tomcat7 (Ubuntu Precise):
status: New → Confirmed
Changed in tomcat7 (Ubuntu Quantal):
status: New → Confirmed
Changed in tomcat7 (Ubuntu Raring):
status: New → Confirmed
Changed in tomcat7 (Ubuntu Saucy):
status: New → Confirmed
tags: added: upgrade-software-version
Changed in tomcat7 (Ubuntu Saucy):
status: Confirmed → Fix Released
Thank you for taking the time to report this bug and helping to make Ubuntu better.
Marking as Public Security for the attention of the security team as it looks like this may affect Quantal and Raring, where tomcat is in main. tomcat is in universe in Oneiric and Precise.