On 22.11.2016 11:17, Emmanuel Bourg wrote:
> Three more CVEs have just been announced, a bit more serious this time:
>  CVE-2016-6816 Apache Tomcat Information Disclosure
>  CVE-2016-8735 Apache Tomcat Remote Code Execution
>  CVE-2016-6817 Apache Tomcat Denial of Service
> 
> I'll prepare the stable and jessie-backports updates for tomcat7 and
> tomcat8 today. testing/unstable already have the fixed versions.
> 

Hi,

I have pushed the updates for Wheezy, which is only affected by
CVE-2016-6816 and CVE-2016-8735. Could you isolate the bug in
CVE-2016-6797.patch? What exactly was missing from ResourceLinkFactory.java?

Regards,

Markus

