Bug 216604

Summary: www/tomcat7: Upgrade to recent version (v7.0.75) - current(7.0.73) is vulnerable
Product: Ports & Packages
Reporter: Dani I. <i.dani>
Component: Individual Port(s)
Assignee: Alex Dupre <ale>
Status: Closed FIXED
Severity: Affects Many People
CC: junovitch
Priority: ---
Flags: bugzilla: maintainer-feedback? (ale), junovitch: merge-quarterly+
Version: Latest
Hardware: Any
OS: Any

Description Dani I. 2017-01-30 13:53:15 UTC
The current version available for FreeBSD has been vulnerable since 05.01.2017 and has already been patched upstream. (2 versions higher)

See here: http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

Vulnerabilities see here: https://vuxml.freebsd.org/freebsd/e5ec2767-d529-11e6-ae1b-002590263bf5.html

Available version @ ports: 7.0.73
Patched version @ upstream: 7.0.75

Thanks for taking a look at it.

Comment 1 commit-hook freebsd_committer freebsd_triage 2017-03-05 02:48:24 UTC
A commit references this bug:

Author: junovitch
Date: Sun Mar  5 02:47:49 UTC 2017
New revision: 435442
URL: https://svnweb.freebsd.org/changeset/ports/435442

Log:
  MFH: r434198

  Update to 7.0.75 release.

  PR:		215865
  PR:		216604
  Reported by:	Dani <i.dani@outlook.com>
  Approved by:	ports-secteam (with hat)
  Security:	CVE-2016-8745
  Security:	https://vuxml.FreeBSD.org/freebsd/e5ec2767-d529-11e6-ae1b-002590263bf5.html

Changes:
_U  branches/2017Q1/
  branches/2017Q1/www/tomcat7/Makefile
  branches/2017Q1/www/tomcat7/distinfo
  branches/2017Q1/www/tomcat7/pkg-plist

Comment 2 Jason Unovitch freebsd_committer freebsd_triage 2017-03-05 02:54:50 UTC
(In reply to Dani from comment #0)
Thanks for the report! The update looks to have slipped in as a routine update in ports/head after this PR was opened and was just merged to quarterly. All actions are completed.