Bug 249526

Summary: www/tomcat{7,85,9,-devel}: Update to 7.0.106, 8.5.58, 9.0.38, 10.0.0-M8
Product: Ports & Packages Reporter: VVD <vvd>
Component: Individual Port(s)Assignee: Jochen Neumeister <joneum>
Status: Closed FIXED    
Severity: Affects Some People CC: ale, joneum, ports-secteam
Priority: --- Flags: vvd: maintainer-feedback+
Version: Latest   
Hardware: Any   
OS: Any   
URL: https://tomcat.apache.org
Attachments:
Description Flags
Update to 8.5.58, 9.0.38, 10.0.0-M8
vvd: maintainer-approval+
Update to 7.0.106 vvd: maintainer-approval? (ale)

Comment 1 VVD 2020-09-22 20:18:53 UTC
Created attachment 218189 [details]
Update to 7.0.106

Tested on 12.1-p10 amd64: make check-plist/install.

P.S. I'm not the maintainer of the tomcat7.
Comment 2 commit-hook freebsd_committer 2020-09-23 17:23:00 UTC
A commit references this bug:

Author: joneum
Date: Wed Sep 23 17:22:16 UTC 2020
New revision: 549757
URL: https://svnweb.freebsd.org/changeset/ports/549757

Log:
  www/tomcat{7,85,9,-devel}: Update to 7.0.106, 8.5.58, 9.0.38, 10.0.0-M8

  PR:		249526
  Sponsored by:	Netzkommune GmbH

Changes:
  head/www/tomcat-devel/Makefile
  head/www/tomcat-devel/distinfo
  head/www/tomcat-devel/pkg-plist
  head/www/tomcat7/Makefile
  head/www/tomcat7/distinfo
  head/www/tomcat7/pkg-plist
  head/www/tomcat85/Makefile
  head/www/tomcat85/distinfo
  head/www/tomcat85/pkg-plist
  head/www/tomcat9/Makefile
  head/www/tomcat9/distinfo
  head/www/tomcat9/pkg-plist
Comment 3 VVD 2020-10-12 18:37:50 UTC
This update fixed this CVE-2020-13943 "Apache Tomcat HTTP/2 Request mix-up0":
http://tomcat.apache.org/security-10.html
http://tomcat.apache.org/security-9.html
http://tomcat.apache.org/security-8.html

P.S. If somebody from secteam want to add it in security/vuxml/vuln.xml.