Commits · stretch · Debian Java Maintainers / tomcat8

24 Aug, 2018 4 commits
- Update CVE-2018-8034.patch · 81e0a521
  Markus Koschany authored Aug 24, 2018
  
  81e0a521
- Update changelog · ceb63208
  Markus Koschany authored Aug 24, 2018
  
  ceb63208
- Fix CVE-2018-1336, CVE-2018-8034 and CVE-2018-8037 · 363aca77
  Markus Koschany authored Aug 24, 2018
  
  363aca77
- Import patches for CVE-2018-1304 and CVE-2018-1305 and fix #867247 · 3f7b0915
  Markus Koschany authored Aug 24, 2018
  
  3f7b0915
12 Apr, 2018 1 commit

Import Debian changes 8.5.14-1+deb9u2 · b2b30054

Markus Koschany authored Sep 03, 2017

tomcat8 (8.5.14-1+deb9u2) stretch-security; urgency=high

  * Team upload.
  * Fix CVE-2017-7674:
    The CORS Filter did not add an HTTP Vary header indicating that the
    response varies depending on Origin. This permitted client and server side
    cache poisoning in some circumstances.
  * Fix CVE-2017-7675:
    The HTTP/2 implementation bypassed a number of security checks that
    prevented directory traversal attacks. It was therefore possible to bypass
    security constraints using a specially crafted URL.

b2b30054

21 Jun, 2017 1 commit

Fixed CVE-2017-5664: Static error pages can be overwritten if the... · b8a56643

Emmanuel Bourg authored Jun 08, 2017

Fixed CVE-2017-5664: Static error pages can be overwritten if the DefaultServlet is configured to permit writes (Closes: #864447)

b8a56643

07 May, 2017 1 commit
- Upload to unstable · 93c21c17
  Emmanuel Bourg authored Apr 21, 2017
  
  93c21c17
20 Apr, 2017 5 commits
- Merge tag 'upstream/8.5.14' · c2eb7935
  Emmanuel Bourg authored Apr 20, 2017
```
Upstream version 8.5.14
```
  c2eb7935
- New upstream version 8.5.14 · 2fab3605
  Emmanuel Bourg authored Apr 20, 2017
  
  2fab3605
- Removed the CVE patches (fixed in this release) · 57954cb2
  Emmanuel Bourg authored Apr 20, 2017
  
  57954cb2
- Merge tag 'upstream/8.5.13' · ce321f18
  Emmanuel Bourg authored Apr 20, 2017
```
Upstream version 8.5.13
```
  ce321f18
- New upstream version 8.5.13 · 5cf4acbe
  Emmanuel Bourg authored Apr 20, 2017
  
  5cf4acbe
18 Apr, 2017 3 commits
- Upload to unstable · 34031914
  Emmanuel Bourg authored Apr 18, 2017
  
  34031914
- Refreshed the patches · be390279
  Emmanuel Bourg authored Apr 18, 2017
  
  be390279
- Merge tag 'upstream/8.5.12' · 33a30a6e
  Emmanuel Bourg authored Apr 18, 2017
```
Upstream version 8.5.12
```
  33a30a6e
12 Apr, 2017 5 commits
- Mention that we depend on lsb-base now. Close bug #860068 · 6ad4be0c
  Markus Koschany authored Apr 12, 2017
  
  6ad4be0c
- Add bug reference to CVE patches. · b3e46463
  Markus Koschany authored Apr 12, 2017
  
  b3e46463
- tomcat8: Fix Lintian error and depend on lsb-base. · f57c63e4
  Markus Koschany authored Apr 12, 2017
  
  f57c63e4
- Update changelog · db05407e
  Markus Koschany authored Apr 12, 2017
  
  db05407e
- Fix CVE-2017-5647, CVE-2017-5648, CVE-2017-5650, CVE-2017-5651 · 38af11ab
  Markus Koschany authored Apr 11, 2017
```
Thanks: Salvatore Bonaccorso for the report.
Closes: #860068

Add CVE patches to series file.
```
  38af11ab
10 Mar, 2017 1 commit
- New upstream version 8.5.12 · bd367d00
  Emmanuel Bourg authored Mar 10, 2017
  
  bd367d00
17 Jan, 2017 1 commit
- Upload to unstable · 3820e46b
  Emmanuel Bourg authored Jan 17, 2017
  
  3820e46b
11 Jan, 2017 3 commits
- Refreshed the patches · e2bc5231
  Emmanuel Bourg authored Jan 11, 2017
  
  e2bc5231
- Merge tag 'upstream/8.5.11' · 8387d974
  Emmanuel Bourg authored Jan 11, 2017
```
Upstream version 8.5.11
```
  8387d974
- New upstream version 8.5.11 · 915f6d13
  Emmanuel Bourg authored Jan 11, 2017
  
  915f6d13
06 Jan, 2017 3 commits
- Refreshed the patches · d9c54995
  Emmanuel Bourg authored Jan 06, 2017
  
  d9c54995
- Merge tag 'upstream/8.5.10' · 513db5be
  Emmanuel Bourg authored Jan 06, 2017
```
Upstream version 8.5.10
```
  513db5be
- New upstream version 8.5.10 · 31cbdec4
  Emmanuel Bourg authored Jan 06, 2017
  
  31cbdec4
20 Dec, 2016 1 commit
- Recommend Java 8 in /etc/default/tomcat8 · 07ebfd5e
  Emmanuel Bourg authored Dec 20, 2016
  
  07ebfd5e
19 Dec, 2016 1 commit
- Upload to unstable · 7ec9eab2
  Emmanuel Bourg authored Dec 19, 2016
  
  7ec9eab2
18 Dec, 2016 1 commit
- Require Java 8 or higher (Closes: #848612) · aecf5a66
  Emmanuel Bourg authored Dec 18, 2016
  
  aecf5a66
08 Dec, 2016 1 commit
- Upload to unstable · e87099f0
  Emmanuel Bourg authored Dec 08, 2016
  
  e87099f0
07 Dec, 2016 2 commits
- Fixed the installation error when JAVA_OPTS contains % (Closes: #770911) · 7664221d
  Emmanuel Bourg authored Dec 07, 2016
  
  7664221d
- Restored the classloading from the common, server and shared directories under... · 33ec083d
  Emmanuel Bourg authored Dec 07, 2016
```
Restored the classloading from the common, server and shared directories under CATALINA_BASE (Closes: #847137)
```
  33ec083d
05 Dec, 2016 3 commits
- Refreshed the patches · 1ffa4eb1
  Emmanuel Bourg authored Dec 05, 2016
  
  1ffa4eb1
- Merge tag 'upstream/8.5.9' · 7c15ea89
  Emmanuel Bourg authored Dec 05, 2016
```
Upstream version 8.5.9
```
  7c15ea89
- New upstream version 8.5.9 · cfa27289
  Emmanuel Bourg authored Dec 05, 2016
  
  cfa27289
01 Dec, 2016 3 commits
- Upload to unstable · 2beba53d
  Emmanuel Bourg authored Dec 01, 2016
  
  2beba53d
- Aligned the logging configuration with the upstream one · 7cd871c3
  Emmanuel Bourg authored Dec 01, 2016
  
  7cd871c3
- Use AsyncFileHandler instead of FileHandler for the log files · 40cafbab
  Emmanuel Bourg authored Dec 01, 2016
  
  40cafbab