CVE-2015-5345 patch issue on tomcat7
Bug #1609819 reported by
Stephen Lynch
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| tomcat7 (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
| Trusty |
Fix Released
|
Medium
|
Marc Deslauriers | ||
Bug Description
7.0.52-1ubuntu0.6 contains the patch for CVE-2015-5345. It adds mapperContextRo
Without it, the values specified in context.xml are not passed down to the Mapper.java on startup.
Setting mapperContextRo
| information type: | Public → Public Security |
| Changed in tomcat7 (Ubuntu Trusty): | |
| status: | New → Confirmed |
| assignee: | nobody → Marc Deslauriers (mdeslaur) |
| Changed in tomcat7 (Ubuntu): | |
| status: | New → Invalid |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #1 |
| Changed in tomcat7 (Ubuntu Trusty): | |
| status: | Confirmed → Fix Released |
| Changed in tomcat7 (Ubuntu): | |
| status: | Invalid → Fix Released |
| importance: | Undecided → Medium |
| Changed in tomcat7 (Ubuntu Trusty): | |
| importance: | Undecided → Medium |
To post a comment you must log in.
This bug was fixed in the package tomcat7 - 7.0.52-1ubuntu0.7
---------------
tomcat7 (7.0.52-1ubuntu0.7) trusty-security; urgency=medium
* SECURITY UPDATE: privilege escalation via insecure init script
- debian/
catalina.out file.
- CVE-2016-1240
* SECURITY REGRESSION: change in behaviour after security update
(LP: #1609819)
- debian/
mapperCon
java/
mapperCon
java/
webapps/
following the CVE-2015-5345 security update and was also done
upstream in later releases.
-- Marc Deslauriers <email address hidden> Fri, 16 Sep 2016 09:19:37 -0400