[SECURITY] [DLA 1810-1] tomcat7 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1810-1] tomcat7 security update
From: Abhijith PA <abhijith@disroot.org>
Date: Thu, 30 May 2019 13:54:55 +0530
Message-id: <[🔎] 614477fb-6dbd-5a5f-9d4b-484ce7008f6b@disroot.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : tomcat7
Version        : 7.0.56-3+really7.0.94-1
CVE ID         : CVE-2019-0221


Nightwatch Cybersecurity Research team identified a XSS vulnerability
in tomcat7. The SSI printenv command echoes user provided data without
escaping. SSI is disabled by default. The printenv command is intended
for debugging and is unlikely to be present in a production website.

For Debian 8 "Jessie", this problem has been fixed in version
7.0.56-3+really7.0.94-1.

We recommend that you upgrade your tomcat7 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAlzvk0wACgkQhj1N8u2c
KO8sAg//ZhhSxTdF4kOcnfh7riy9vuQuxzsNNrjavyMFpghC24tPJhNJPq7fvrfH
1h0K0myfv+KkgUsueeAI52egdrTnJv1v53KBIJ1iRtBRWJfSqqRP1eay7HCr/67Z
YXPnNVQHuZxMm03UZ17b5wOp9Vjk1rYSdwyjRTuclv6RYQvj/KjQvPicOcx/xb11
FjdzUh4GlMguOwRBtMGSN4p/QNo1iqMGqWYFKfEz7emnUxURLf0PWEoGEXFP6U8c
k3N8ZtVNkkHkxLl3QKsRY/peVwW+0y8BRkkVCvgNVhIrj5u4mPI+9xy02ej6wp24
jCi98b34Z78jlt/anuvW5bNnTMnKi8YSySaiIXL3qaTUaEkaBBJmDTfAWF6J8e/M
dgrsir3vnx2hjWD4opJMUpTcpszzcD6MexNenQYaP22DtjK0HIgT8at8XXJVe2/F
fBsEI1iWIEpqr2FcgGGIXRpCXL0UUSwkdyRqU2CMby7dJiooIX+APzERO/GRvRNh
9NK4XIWuC/TbjV63evDE6W7NFqbxw4fN5sQSJMSQYGFcnef9BZdQEGhjSPz7WxHl
gLBrTJXmkq9djgdllEb1c9YCC6fUSsQ/6syPS1pN1Pfhg+EORPDxKNCtjXryoF9C
o9ag1PViKFP/bDY9qooKUzVafDqvby8NsICtknx9cmlE95Vu4PQ=
=jiJy
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1809-1] libav security update
Next by Date: [SECURITY] [DLA 1811-1] miniupnpd security update
Previous by thread: [SECURITY] [DLA 1809-1] libav security update
Next by thread: [SECURITY] [DLA 1811-1] miniupnpd security update
Index(es):
- Date
- Thread