[Bug 1785399] Re: Unfixed vulnerabilities of Tomcat 8.5 in Ubuntu 18.04
Thomas, thanks for the debdiff. I have published this now: https://bugs.launchpad.net/ubuntu/+source/tomcat8/8.5.30-1ubuntu1.4 ** Changed in: tomcat8 (Ubuntu) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1785399 Title: Unfixed vulnerabilities of Tomcat 8.5 in Ubuntu 18.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tomcat8/+bug/1785399/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1785399] Re: Unfixed vulnerabilities of Tomcat 8.5 in Ubuntu 18.04
Thanks, I'm looking at this now. ** Changed in: tomcat8 (Ubuntu) Status: New => In Progress ** Changed in: tomcat8 (Ubuntu) Assignee: (unassigned) => Steve Beattie (sbeattie) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1785399 Title: Unfixed vulnerabilities of Tomcat 8.5 in Ubuntu 18.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tomcat8/+bug/1785399/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1785399] Re: Unfixed vulnerabilities of Tomcat 8.5 in Ubuntu 18.04
The attachment "Fixes for CVE-2018-1336, CVE-2018-8034 and CVE-2018-8037 taken from svn.apache.org" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team. [This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.] ** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1785399 Title: Unfixed vulnerabilities of Tomcat 8.5 in Ubuntu 18.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tomcat8/+bug/1785399/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1785399] Re: Unfixed vulnerabilities of Tomcat 8.5 in Ubuntu 18.04
I took the patches mentioned on https://tomcat.apache.org/security-8.html and created a debdiff file. Tomcat builds fine and starts. I have never worked with debdiff files before. Can you please have a look at it and give me some feedback? Best regards, Thomas ** Patch added: "Fixes for CVE-2018-1336, CVE-2018-8034 and CVE-2018-8037 taken from svn.apache.org" https://bugs.launchpad.net/ubuntu/+source/tomcat8/+bug/1785399/+attachment/5174922/+files/1-1ubuntu1.4.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1785399 Title: Unfixed vulnerabilities of Tomcat 8.5 in Ubuntu 18.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tomcat8/+bug/1785399/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1785399] Re: Unfixed vulnerabilities of Tomcat 8.5 in Ubuntu 18.04
Thank you for taking the time to report this bug and helping to make Ubuntu better. tomcat8 is in universe in 18.04, so it is dependent on the volunteers to provide security fixes. Please see https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation if you can help with this. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1785399 Title: Unfixed vulnerabilities of Tomcat 8.5 in Ubuntu 18.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tomcat8/+bug/1785399/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1785399] Re: Unfixed vulnerabilities of Tomcat 8.5 in Ubuntu 18.04
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-1336 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-8034 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-8037 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1785399 Title: Unfixed vulnerabilities of Tomcat 8.5 in Ubuntu 18.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tomcat8/+bug/1785399/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs