
Debian alert DLA-1810-1 (tomcat7)

From:  Abhijith PA <abhijith@disroot.org>
To:  debian-lts-announce@lists.debian.org
Subject:  [SECURITY] [DLA 1810-1] tomcat7 security update
Date:  Thu, 30 May 2019 13:54:55 +0530
Message-ID:  <614477fb-6dbd-5a5f-9d4b-484ce7008f6b@disroot.org>

Package        : tomcat7
Version        : 7.0.56-3+really7.0.94-1
CVE ID         : CVE-2019-0221

Nightwatch Cybersecurity Research team identified an XSS vulnerability in
tomcat7. The SSI printenv command echoes user-provided data without
escaping. SSI is disabled by default. The printenv command is intended for
debugging and is unlikely to be present in a production website.

For Debian 8 "Jessie", this problem has been fixed in version
7.0.56-3+really7.0.94-1.

We recommend that you upgrade your tomcat7 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
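A defender's exposure check for the condition described above, as an added example that is not part of the advisory or of Tomcat: it reports whether a web.xml declares Tomcat's SSI servlet or filter outside XML comments, and which files under a web root contain a printenv directive. The function names and the sample files built in demo() are constructed for illustration.

```python
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Tomcat's SSI servlet and filter classes (SSI is off by default per the advisory).
SSI_CLASSES = {"org.apache.catalina.ssi.SSIServlet",
               "org.apache.catalina.ssi.SSIFilter"}
# An SSI directive is an HTML comment starting with '#', e.g. <!--#printenv -->
PRINTENV = re.compile(rb"<!--#printenv\b", re.IGNORECASE)

def ssi_enabled(web_xml: Path) -> list[str]:
    """Return the SSI classes declared in web_xml outside XML comments."""
    found = []
    # ElementTree's default parser discards XML comments, so declarations
    # that are commented out are not reported.
    for el in ET.parse(web_xml).iter():
        tag = el.tag.rsplit("}", 1)[-1]  # drop '{namespace}' prefix
        text = (el.text or "").strip()
        if tag in ("servlet-class", "filter-class") and text in SSI_CLASSES:
            found.append(text)
    return found

def printenv_pages(webroot: Path) -> list[Path]:
    """Return files under webroot that contain an SSI printenv directive."""
    return [p for p in sorted(webroot.rglob("*"))
            if p.is_file() and PRINTENV.search(p.read_bytes())]

def demo():
    """Run both checks on a constructed sample tree (not real Tomcat files)."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "web.xml").write_text(
            '<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">\n'
            "  <!-- <servlet><servlet-class>org.apache.catalina.ssi.SSIServlet"
            "</servlet-class></servlet> -->\n"
            "  <filter><filter-class>org.apache.catalina.ssi.SSIFilter"
            "</filter-class></filter>\n"
            "</web-app>\n")
        (root / "debug.shtml").write_text("<html><!--#printenv --></html>")
        (root / "index.shtml").write_text(
            '<html><!--#echo var="DATE_LOCAL" --></html>')
        return (ssi_enabled(root / "web.xml"),
                [p.name for p in printenv_pages(root)])

if __name__ == "__main__":
    print(demo())
```

A host is exposed to the issue only when both checks report something on an unpatched package; either result alone is still worth reviewing, since printenv is a debugging command.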

