Bug 216604 - www/tomcat7: Upgrade to recent version (v7.0.75) - current(7.0.73) is vulnerable
Summary: www/tomcat7: Upgrade to recent version (v7.0.75) - current(7.0.73) is vulnerable
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Alex Dupre
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-01-30 13:53 UTC by Dani I.
Modified: 2017-03-05 02:54 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (ale)
junovitch: merge-quarterly+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Dani I. 2017-01-30 13:53:15 UTC 
The current version avilable for FreeBSD is vulnerable since 05.01.2017 and has already been patched upstream. (2 version's higher)

See here: http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

Vulnerabilities see here: https://vuxml.freebsd.org/freebsd/e5ec2767-d529-11e6-ae1b-002590263bf5.html

Available version @ ports: 7.0.73
Patched version @ upstream: 7.0.75

Thanks for taking a look at it.
Comment 1 commit-hook freebsd_committer freebsd_triage 2017-03-05 02:48:24 UTC 
A commit references this bug:

Author: junovitch
Date: Sun Mar  5 02:47:49 UTC 2017
New revision: 435442
URL: https://svnweb.freebsd.org/changeset/ports/435442

Log:
  MFH: r434198

  Update to 7.0.75 release.

  PR:		215865
  PR:		216604
  Reported by:	Dani <i.dani@outlook.com>
  Approved by:	ports-secteam (with hat)
  Security:	CVE-2016-8745
  Security:	https://vuxml.FreeBSD.org/freebsd/e5ec2767-d529-11e6-ae1b-002590263bf5.html

Changes:
_U  branches/2017Q1/
  branches/2017Q1/www/tomcat7/Makefile
  branches/2017Q1/www/tomcat7/distinfo
  branches/2017Q1/www/tomcat7/pkg-plist
Comment 2 Jason Unovitch freebsd_committer freebsd_triage 2017-03-05 02:54:50 UTC 
(In reply to Dani from comment #0)
Thanks for the report! The update looks to have slipped in as a routine update in ports/head after this PR was opened and was just merged to quarterly. All actions are completed.