I am working on tomcat8 to address the two currently outstanding CVEs.
After I approached him for some guidance, Markus Koschany pointed out
that upstream has made an [END OF LIFE] announcement for Tomcat 8.0.
Support ends on 30th June.
The patches for the two currently outstanding CVEs apply
On Wed, Jun 27, 2018 at 08:33:48AM -0400, Antoine Beaupré wrote:
>
> As an outsider not very familiar with Tomcat, I guess the main question
> I would like to answer before figuring this out would be what kind of
> compatibility guarantees does Tomcat provide between versions. If it
> respects
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: simplesamlphp
Version: 1.13.1-2+deb8u2
CVE ID : CVE-2017-12868 CVE-2017-12872
CVE-2017-12872 / CVE-2017-12868
The (1) Htpasswd authentication source in the authcrypt module and (2)
SimpleSAML_Session
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Package: mosquitto
Version: 1.3.4-2+deb8u2
CVE ID : CVE-2017-7651 CVE-2017-7652
CVE-2017-7651
fix to avoid extraordinary memory consumption by crafted
CONNECT packet from unauthenticated client
CVE-2017-7652
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Fri, 29 Jun 2018 19:03:02 +0200
Source: mosquitto
Binary: mosquitto libmosquitto1 libmosquitto-dev libmosquittopp1
libmosquittopp-dev mosquitto-clients python-mosquitto python3-mosquitto
mosquitto-dbg
Architecture: source amd64
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Fri, 29 Jun 2018 18:55:01 +0200
Source: simplesamlphp
Binary: simplesamlphp
Architecture: source all
Version: 1.13.1-2+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Thijs Kinkhorst
Changed-By: Thorsten Alteholz
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: mariadb-10.0
Version: 10.0.35-0+deb8u1
CVE ID : CVE-2017-10268 CVE-2017-10378 CVE-2018-2562 CVE-2018-2612
CVE-2018-2622 CVE-2018-2640 CVE-2018-2665 CVE-2018-2668
CVE-2018-2755
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Fri, 22 Jun 2018 09:23:13 +0200
Source: mariadb-10.0
Binary: libmariadbd-dev mariadb-common mariadb-client-core-10.0
mariadb-client-10.0 mariadb-server-core-10.0 mariadb-test-10.0
mariadb-server-10.0 mariadb-server mariadb-client
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: firefox-esr
Version: 52.9.0esr-1~deb8u1
CVE ID : CVE-2018-5156 CVE-2018-5188 CVE-2018-12359 CVE-2018-12360
CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365
CVE-2018-12366
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: libgcrypt20
Version: 1.6.3-2+deb8u5
CVE ID : CVE-2018-0495
It was discovered that Libgcrypt is prone to a local side-channel attack
allowing recovery of ECDSA private keys.
For Debian 8 "Jessie", these problems
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Fri, 22 Jun 2018 11:35:48 +0200
Source: libgcrypt20
Binary: libgcrypt20-doc libgcrypt20-dev libgcrypt20-dbg libgcrypt20
libgcrypt20-udeb libgcrypt11-dev
Architecture: source all amd64
Version: 1.6.3-2+deb8u5
Distribution:
Antoine,
> >> I am not sure why the test suite fails nor why the output varies from
> >> one build to the next. Once a package is built, however, it passes the
> >> test suite reliably.
[…]
> Sure. I guess I see this from the perspective of "does the actual fix
> work or not" as well. ;)
Sorry