tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Bourg <>
Subject About CVE-2015-5345
Date Thu, 08 Dec 2016 09:54:56 GMT
[resending as a new message instead of a reply, sorry]

Hi all,

I'm still working on the security backports in Debian and I have a
question regarding CVE-2015-5345. On the Tomcat 7 security page the
commits 1715213 and 1717212 are referenced. If I'm not mistaken the
commit 1716860 should also be part of the fix, otherwise the
mapper*RedirectEnabled attributes set on the context are ignored, right?
Also I haven't found an equivalent commit for Tomcat 8, is this normal?

Thank you,

Emmanuel Bourg

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message