There was nothing added to the package regarding startup. The user reports after using update-rc.d to manage when tomcat7 would start, when upgrading, they are added back. Note that the update-rc.d manpage states: "Please note that this program was designed for use in package maintainer scripts and, accordingly, has only the very limited functionality required by such scripts. System administrators are not encouraged to use update-rc.d to manage runlevels." This is arguably a problem in the tomcat7 packaging, not a problem with this security update. Looking at /var/lib/dpkg/info/tomcat7.postinst, dh_installinit will unconditionally add the files back. Often, server software is packaged such that the initscript will honor /etc/default/.... /etc/default/tomcat7 does exist, but there is no setting in there to short circuit startup.
As I understand the current tomcat7 packaging after looking at it for a few minutes, rather than using update-rc.d, the user should either edit settings in /etc/tomcat7 or add an 'exit 0' to /etc/init.d/tomcat7 if tomcat7 should be installed but not started. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat7 in Ubuntu. https://bugs.launchpad.net/bugs/1115053 Title: Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tomcat7/+bug/1115053/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs