Hello, We're looking to upgrade some of our EL6 machines to mitigate CVE-2015-5345. It looks like the bump from 7.0.65 -> 7.0.68 has already been pushed to Fedora 22 and 23 a few months back [1], but not to EPEL6 yet. Is it possible to build it up? We'd be happy to test & validate it on some live systems which rely on it. 1: https://bodhi.fedoraproject.org/updates/FEDORA-2016-e6651efbaf Let me know if there's anything I can do to help.
I just rebased some other things yesterday, so this was pretty easy. Here's my proposal: https://github.com/csutherl/fedora-tomcat/commit/dbd0764
This should be POST instead of MODIFIED.
Given that there are other CVEs that would be fixed by a rebase I opened a new bug to include them all rather than dealing with each one individually. Please see bug 1352009 for more details. *** This bug has been marked as a duplicate of bug 1352009 ***