-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Olaf,
On 7/20/20 10:01, Olaf Kock wrote: > > On 20.07.20 15:55, Celestino Federico (ETAS-SEC/ISY-IT) wrote: >> >> >> Could someone tell me how to find a debdiff for tomcat8 package >> from version *8.5.39-1ubuntu1~18.04.3* (last version available on >> Ubuntu 18) and version *8.5.56*? >> >> > My expectation is that you'll have to create this yourself. In the > Debian world, they typically pick a version of any packaged > software and /might/ backport individual fixes from later releases, > but won't update to a newer minor version in most cases. > > I'm not really sure where the sources are kept for the Debian > packages, but there you should be able to see the commit history, > and potentially all fixes that have been backported. +1 Read the CHANGELOG for the package to see if they have addressed the specific CVE you are referencing. If not, request help from Ubuntu support. > Personally, I find Tomcat releases stable (and > backwards-compatible) enough that I rarely rely on any distribution > for Tomcat installations, but rather take the stock download from > tomcat.apache.org and add a daemon start script. The Debian package maintainer for Apache Tomcat is a member of this mailing list. My guess is that an update for this is already in progress if not already released. - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl8V1sUACgkQHPApP6U8 pFg9ihAAvxIxfvTbpuk+ewMYfr1Jx4hYtjCS0QBrCdNC5fHE6lUAREOvzb4NlkuH KbXbOeafVN7DT8dVk34fbRz8WP7gCIS9rfaaYo0fuivF8nMGQm1XdqcdbsOMV7Ia jSH5hVE4wBAt5JgbrJcwQArGBF1GvFPYK2ss1oXS4cJzf0I/naE2Rz4+TtmEY5bl EQ6w5DBCv9JT5HJFr7Q+ZvkIEF6PMp6xRh+kcD5s4y9H8/AI6hCRCEn1TvKkQO7F H6yXduKs9shOT0LKI4kxBjw+oWQ2qEUe/DLSHLen/CLV4+aHfWtm0AK6rgKzmG1/ 8Wx7L/5QgLTeV4Y2PZIlTy5CVreiK4dmcQitNG3ISx6ACEEJ7kwgwYRKcCOBqRWu eVCIwOk5WP1otuxFnsrESGNevl8GqOK42W+4BahOSEN2/jiwSDY2dPN2fk9YZC7T c6Q644kBPUGkvsfmGBC36bxjpV9gSNIT551W0EEkCmtrfKJhmJjDYPa0uITcxCwN h4Z5PKCumqbgjFvMZSjHuuWMq1Fb57UMUdM5lSlZcGY0rB0akf5FX0lglcAFEY7z 8CddA5UnKHLbSLQUDATtoK+tYlI3gM68dm73gSpeJCA+SoT+pNuK9l63crS9LpKj plyL6IwrD2FGn4eG4WKx1Ov9GuOBU9xWghXutcb9zMjwcJY+GAk= =zlcQ -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org