Author: mkoch
Date: 2007-12-29 19:12:33 +0000 (Sat, 29 Dec 2007)
New Revision: 5232
Modified:
trunk/tomcat5.5/debian/changelog
trunk/tomcat5.5/debian/policy/03catalina.policy
Log:
* CVE-2007-5342: Fix unauthorized modification of data because of
too open permissions. Closes: #458237.
Modified: trunk/tomcat5.5/debian/changelog
===================================================================
--- trunk/tomcat5.5/debian/changelog 2007-12-29 17:48:31 UTC (rev 5231)
+++ trunk/tomcat5.5/debian/changelog 2007-12-29 19:12:33 UTC (rev 5232)
@@ -1,8 +1,10 @@
-tomcat5.5 (5.5.25-4) UNRELEASED; urgency=low
+tomcat5.5 (5.5.25-4) UNRELEASED; urgency=high
+ * CVE-2007-5342: Fix unauthorized modification of data because of
+ too open permissions. Closes: #458237.
* Always clean temporary directory on startup. Closes: #456608.
- -- Michael Koch <[EMAIL PROTECTED]> Sat, 29 Dec 2007 18:52:06 +0100
+ -- Michael Koch <[EMAIL PROTECTED]> Sat, 29 Dec 2007 20:15:40 +0100
tomcat5.5 (5.5.25-3) unstable; urgency=low
Modified: trunk/tomcat5.5/debian/policy/03catalina.policy
===================================================================
--- trunk/tomcat5.5/debian/policy/03catalina.policy 2007-12-29 17:48:31 UTC
(rev 5231)
+++ trunk/tomcat5.5/debian/policy/03catalina.policy 2007-12-29 19:12:33 UTC
(rev 5232)
@@ -27,7 +27,19 @@
// These permissions apply to JULI
grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
- permission java.security.AllPermission;
+ permission java.util.PropertyPermission
"java.util.logging.config.class", "read";
+ permission java.util.PropertyPermission
"java.util.logging.config.file", "read";
+ permission java.lang.RuntimePermission "shutdownHooks";
+ permission java.io.FilePermission
"${catalina.base}${file.separator}conf${file.separator}logging.properties",
"read";
+ permission java.util.PropertyPermission "catalina.base", "read";
+ permission java.util.logging.LoggingPermission "control";
+ permission java.io.FilePermission
"${catalina.base}${file.separator}logs", "read, write";
+ permission java.io.FilePermission
"${catalina.base}${file.separator}logs${file.separator}*", "read, write";
+ permission java.lang.RuntimePermission "getClassLoader";
+ // To enable per context logging configuration, permit read access to
the appropriate file.
+ // Be sure that the logging configuration is secure before enabling
such access
+ // eg for the examples web application:
+ // permission java.io.FilePermission
"${catalina.base}${file.separator}webapps${file.separator}examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties",
"read";
};
// These permissions apply to the servlet API classes
_______________________________________________
pkg-java-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/pkg-java-commits
