Bug 22644

Summary: tomcat new security issues CVE-2018-1304 and CVE-2018-1305
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Java Stack Maintainers <java>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: critical    
Priority: Normal CC: geiger.david68210
Version: 6   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: tomcat-8.0.49-1.mga6.src.rpm CVE:
Status comment: Fixed upstream in 8.0.50
Bug Depends on: 22503    
Bug Blocks:    

Description David Walser 2018-02-24 16:34:36 CET 
Two security issues fixed upstream in Tomcat have been announced on February 23:
http://openwall.com/lists/oss-security/2018/02/23/2
http://openwall.com/lists/oss-security/2018/02/23/1

The issues are fixed upstream in 8.0.50 and 7.0.85.

Mageia 5 and Mageia 6 are also affected (but we don't need to update 5).
David Walser 2018-02-24 16:34:49 CET

Whiteboard: (none) => MGA6TOO
CC: (none) => geiger.david68210

David Walser 2018-02-25 00:00:42 CET

Status comment: (none) => Fixed upstream in 8.0.50

Comment 1 David GEIGER 2018-02-25 00:50:55 CET 
Done!
Comment 2 David Walser 2018-02-25 00:56:26 CET 
Thanks!  Update in Bug 22503.

Depends on: (none) => 22503
Whiteboard: MGA6TOO => (none)
Version: Cauldron => 6

Comment 3 David Walser 2018-03-01 04:41:23 CET 
Fixed in:
https://advisories.mageia.org/MGASA-2018-0149.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED