Bug 1347240 - Tomcat 7.0.68 on EPEL6 to fix CVE-2015-5345
Summary: Tomcat 7.0.68 on EPEL6 to fix CVE-2015-5345
Keywords:
Status: CLOSED DUPLICATE of bug 1352009
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: tomcat
Version: el6
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Ivan Afonichev
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: CVE-2015-5345
Reported: 2016-06-16 11:23 UTC by Patrick van Staveren
Modified: 2016-07-01 12:03 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-07-01 12:03:26 UTC
Type: Bug
Embargoed:



Description Patrick van Staveren 2016-06-16 11:23:50 UTC
Hello,

We're looking to upgrade some of our EL6 machines to mitigate CVE-2015-5345.  It looks like the bump from 7.0.65 -> 7.0.68 has already been pushed to Fedora 22 and 23 a few months back [1], but not to EPEL6 yet.

Is it possible to build it up?  We'd be happy to test & validate it on some live systems which rely on it.

1: https://bodhi.fedoraproject.org/updates/FEDORA-2016-e6651efbaf

Let me know if there's anything I can do to help.

Comment 1 Coty Sutherland 2016-06-16 14:12:25 UTC
I just rebased some other things yesterday, so this was pretty easy. Here's my proposal:

https://github.com/csutherl/fedora-tomcat/commit/dbd0764

Comment 2 Coty Sutherland 2016-06-20 19:00:59 UTC
This should be POST instead of MODIFIED.

Comment 3 Coty Sutherland 2016-07-01 12:03:26 UTC
Given that there are other CVEs that would be fixed by a rebase, I opened a new bug to include them all rather than dealing with each one individually. Please see bug 1352009 for more details.

*** This bug has been marked as a duplicate of bug 1352009 ***

