[Bug 1915911] Re: Tomcat9 package is old version with many security issues

2022-03-31 Thread Evren Yurtesen
Paulo, thank you for the help. Great work! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1915911 Title: Tomcat9 package is old version with many security issues To manage notifications abou

[Bug 1915911] Re: Tomcat9 package is old version with many security issues

2022-03-31 Thread Paulo Flabiano Smorigo
Hello Evren, hmm I just published both bionic (9.0.16-3ubuntu0.18.04.2) and focal (9.0.31-1ubuntu0.2). I finished some tests yesterday. For bionic I had to make some changes and add an extra commit to support one of the fixes. ** Changed in: tomcat9 (Ubuntu) Status: Confirmed => Fix Released

[Bug 1915911] Re: Tomcat9 package is old version with many security issues

2022-03-31 Thread Evren Yurtesen
Hi Paulo, Thanks for looking into this and sorry that I forgot bionic actually. Did all go well? I have some other small bugfixes for this package at #1964881 (although not security related and there are no code changes to source). I am not sure if you would like to combine them or not? Thanks!

[Bug 1915911] Re: Tomcat9 package is old version with many security issues

2022-03-25 Thread Paulo Flabiano Smorigo
Hello Evren, thanks for the debdiff. I'm using it to build the new release for Focal. I did some checks today and will continue on Monday. If all goes well I think we can have a new package in the archive next week. Meanwhile, I'm working on the bionic version.

[Bug 1915911] Re: Tomcat9 package is old version with many security issues

2022-03-25 Thread Paulo Flabiano Smorigo
** Changed in: tomcat9 (Ubuntu) Assignee: (unassigned) => Paulo Flabiano Smorigo (pfsmorigo)

[Bug 1915911] Re: Tomcat9 package is old version with many security issues

2022-03-17 Thread Evren Yurtesen
I have built the package and tried it, and it seemed to be working. The added patches were already in the Debian counterpart, therefore there should not be any problems.

[Bug 1915911] Re: Tomcat9 package is old version with many security issues

2022-03-17 Thread Evren Yurtesen
* SECURITY UPDATE: TLS Denial of Service - debian/patches/CVE-2021-41079.patch: Apache Tomcat did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite

[Bug 1915911] Re: Tomcat9 package is old version with many security issues

2021-09-01 Thread Timo Wege
In the meantime, several security vulnerabilities have been found with the current version. https://portswigger.net/daily-swig/http-request-smuggling-vulnerability-in-apache-tomcat-has-been-present-since-2015 Furthermore, you should skip to version 9.0.48 because there is a BUG in connection wit

[Bug 1915911] Re: Tomcat9 package is old version with many security issues

2021-02-19 Thread Launchpad Bug Tracker
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: tomcat9 (Ubuntu) Status: New => Confirmed