-
tomcat7 (7.0.55-1ubuntu0.2) utopic-security; urgency=medium
* SECURITY UPDATE: SecurityManager bypass via Expression Language
- debian/patches/CVE-2014-7810.patch: handle classes that may not be
accessible but have accessible interfaces in
java/javax/el/BeanELResolver.java, remove unnecessary code in
java/org/apache/jasper/runtime/PageContextImpl.java,
java/org/apache/jasper/security/SecurityClassLoad.java.
- CVE-2014-7810
* Replace expired ssl certs and use TLS to fix tests causing FTBFS:
- debian/patches/0022-use-tls-in-ssl-unit-tests.patch
- debian/patches/0023-replace-expired-ssl-certificates.patch
- debian/source/include-binaries
-- Marc Deslauriers <email address hidden> Fri, 19 Jun 2015 09:52:59 -0400
-
tomcat7 (7.0.55-1) unstable; urgency=medium
* New upstream release
* Refreshed the patches
-- Emmanuel Bourg <email address hidden> Tue, 29 Jul 2014 17:25:50 +0200
-
tomcat7 (7.0.54-2) unstable; urgency=medium
[ Emmanuel Bourg ]
* debian/defaults.template: Bumped the required version of Java mentioned
in the comment on the JAVA_HOME variable
* debian/tomcat7.init: Search for OpenJDK 8 and Oracle JDKs when starting
the server (Closes: #714349)
* Updated the version required for libtcnative-1 (>= 1.1.30)
(Closes: #750454)
-- tony mancill <email address hidden> Sat, 14 Jun 2014 08:09:02 -0700
-
tomcat7 (7.0.54-1) unstable; urgency=medium
* New upstream release
* Refreshed the patches
* Use XZ compression for the upstream tarball
-- Emmanuel Bourg <email address hidden> Thu, 22 May 2014 10:27:10 +0200
-
tomcat7 (7.0.53-1) unstable; urgency=low
* New upstream release.
* Refresh patches:
- debian/patches/0011-fix-classpath-lintian-warnings.patch.
- debian/patches/0015_disable_test_TestCometProcessor.patch.
* Add new patch:
- Disabled Java 8 support in JSPs (requires an Eclipse compiler update).
* Update my email address in Uploaders list.
-- Miguel Landaeta <email address hidden> Thu, 01 May 2014 23:33:35 -0300
-
tomcat7 (7.0.52-1) unstable; urgency=low
* Team upload.
* New upstream release.
- Addresses security issue: CVE-2014-0050
-- Gianfranco Costamagna <email address hidden> Wed, 19 Feb 2014 14:09:48 +0100