On 20.02.2017 17:45, Salvatore Bonaccorso wrote:
[...]
> Sorry for the delay (due to various circumstances). The fix looks sane
> to me. Assuming the fix could have been tested as well, please do
> upload to security-master.
>
Hi,
no problem. I have just uploaded both packages to security-master
Hi Markus,
On Sat, Feb 18, 2017 at 07:53:33PM +0100, Markus Koschany wrote:
> On 18.02.2017 13:21, Salvatore Bonaccorso wrote:
> [...]
> > No problem. Thanks for noticing, can you let us know as usual when you
> > have a debdiff ready for the regression update?
> >
> > I tend to see this as regre
On 18.02.2017 13:21, Salvatore Bonaccorso wrote:
[...]
> No problem. Thanks for noticing, can you let us know as usual when you
> have a debdiff ready for the regression update?
>
> I tend to see this as regression update for the previous DSA, so no
> need for a new CVE id. But let me know if some
Hi Markus,
On Fri, Feb 17, 2017 at 10:19:18PM +0100, Markus Koschany wrote:
> On 17.02.2017 22:09, Salvatore Bonaccorso wrote:
> > Hi Markus, hi Emmanuel,
> >
> > On Mon, Feb 13, 2017 at 10:48:20AM +0100, Markus Koschany wrote:
> >> On 13.02.2017 08:34, Moritz Mühlenhoff wrote:
> >>> On Sun, Feb
On 17.02.2017 22:09, Salvatore Bonaccorso wrote:
> Hi Markus, hi Emmanuel,
>
> On Mon, Feb 13, 2017 at 10:48:20AM +0100, Markus Koschany wrote:
>> On 13.02.2017 08:34, Moritz Mühlenhoff wrote:
>>> On Sun, Feb 12, 2017 at 09:38:31PM +0100, Markus Koschany wrote:
Hi,
a bug was reporte
Hi Markus, hi Emmanuel,
On Mon, Feb 13, 2017 at 10:48:20AM +0100, Markus Koschany wrote:
> On 13.02.2017 08:34, Moritz Mühlenhoff wrote:
> > On Sun, Feb 12, 2017 at 09:38:31PM +0100, Markus Koschany wrote:
> >> Hi,
> >>
> >> a bug was reported against tomcat8 and tomcat7 in Jessie and it seems
> >
I tried the updated package and it work well.
RickLinux
Original Message
From:Markus Koschany
Sent:Thu, 09 Feb 2017 20:28:53 -0500
To:linux...@gmail.com,k...@juplo.de
Cc:851...@bugs.debian.org
Subject:Re: tomcat8 use 100% cpu time
>Hello,
>
>thank you for reporting this bug. W
On 13.02.2017 08:34, Moritz Mühlenhoff wrote:
> On Sun, Feb 12, 2017 at 09:38:31PM +0100, Markus Koschany wrote:
>> Hi,
>>
>> a bug was reported against tomcat8 and tomcat7 in Jessie and it seems
>> the issue is related to our latest security updates. We would like to
>> address this regression as
On Sun, Feb 12, 2017 at 09:38:31PM +0100, Markus Koschany wrote:
> Hi,
>
> a bug was reported against tomcat8 and tomcat7 in Jessie and it seems
> the issue is related to our latest security updates. We would like to
> address this regression as soon as possible because this one can be
> triggered
Hi,
a bug was reported against tomcat8 and tomcat7 in Jessie and it seems
the issue is related to our latest security updates. We would like to
address this regression as soon as possible because this one can be
triggered remotely and cause a denial-of-service.
I have attached the debdiffs for to
On 12.02.2017 11:24, Kai Moritz wrote:
> Hi Markus,
>
>
> I installed the updated packages (in my case only: libtomcat8-java,
> tomcat8-common and tomcat8) on three different servers. My private one,
> that serves only my own little projects, a test-server and a redundant
> production server at w
Hi Markus,
I installed the updated packages (in my case only: libtomcat8-java,
tomcat8-common and tomcat8) on three different servers. My private one,
that serves only my own little projects, a test-server and a redundant
production server at work.
It looks like they fix the reported issue
I will give it a try as soon as possible.
I would be glad to help
RickLinux
On Feb 9, 2017 8:28 PM, "Markus Koschany" wrote:
> Hello,
>
> thank you for reporting this bug. We think we have found a solution for
> this issue. I have uploaded new binary packages of Tomcat 8 for Debian
> Jessie to
Hello,
thank you for reporting this bug. We think we have found a solution for
this issue. I have uploaded new binary packages of Tomcat 8 for Debian
Jessie to [1] and a debdiff in case you prefer to build the package from
source. We would appreciate it if you could test those packages and tell
us
Le 8/02/2017 à 15:52, Markus Koschany a écrit :
> it appears that Tomcat 7 and 8 in Jessie and Wheezy are affected by this
> bug. Are you still working on it or shall I prepare updates for
> -security based on the upstream patch from
>
> https://github.com/apache/tomcat80/commit/614e7f78aecc429d8
On Fri, 13 Jan 2017 15:16:51 -0500 RickLinux wrote:
> Package: tomcat8
> Version: 8.0.14-1+deb8u6
> Severity: important
>
> Dear Maintainer,
>
> I noticed a bump in CPU load up to 100% per CPU.
> It appear from tomcat8-8.0.14-1+deb8u4 and up.
>
> Here how to create the bug.
>
> http://localhos
Looks like this is the proposed upstream fix:
https://github.com/apache/tomcat80/commit/614e7f78aecc429d8740bb59900c2f9fbc86a788#diff-2aeb244142da5fcb78a54e23f717fcd2
signature.asc
Description: OpenPGP digital signature
Control: forwarded -1 https://bz.apache.org/bugzilla/show_bug.cgi?id=60578
I am marking this bug as forwarded in case someone is wondering about
the current progress. Apparently Emmanuel is already working on an update.
signature.asc
Description: OpenPGP digital signature
Dear Maintainer,
I can confirm the observations of RickLinux.
I have observed the exact same behaviour on several debian-hosts, that
are running Jessie with the version 8.0.14-1+deb8u6 of the
tomcat-packages (and also u4 and u5).
In my case, the effect is triggered by scans, that hit the serve
Package: tomcat8
Version: 8.0.14-1+deb8u6
Severity: important
Dear Maintainer,
I noticed a bump in CPU load up to 100% per CPU.
It appear from tomcat8-8.0.14-1+deb8u4 and up.
Here how to create the bug.
http://localhost:8080, no problem.
https://localhost:8443, no problem (need to create a cert
20 matches
Mail list logo