Devuan bug report logs - #437
tomcat8: Tomcat8 fix for CVE-2020-1938 breaks compatibility with Apache2 mod_proxy_ajp

version graph

Package: tomcat8; Maintainer for tomcat8 is (unknown);

Reported by: Gianluca Bonetti <gianluca.bonetti@gmail.com>

Date: Mon, 4 May 2020 20:03:02 UTC

Severity: grave

Tags: debian

Found in version 8.5.54-0+deb9u1

Done: Mark Hindley <mark@hindley.org.uk>

Forwarded to https://bugs.debian.org/959747

Full log


🔗 View this message in rfc822 format

X-Loop: owner@bugs.devuan.org
Subject: bug#437: tomcat8: Tomcat8 fix for CVE-2020-1938 breaks compatibility with Apache2 mod_proxy_ajp
Reply-To: Mark Hindley <mark@hindley.org.uk>, 437@bugs.devuan.org
Resent-From: Mark Hindley <mark@hindley.org.uk>
Resent-To: devuan-bugs@lists.dyne.org
Resent-CC: devuan-dev@lists.dyne.org
X-Loop: owner@bugs.devuan.org
Resent-Date: Tue, 05 May 2020 08:33:01 +0000
Resent-Message-ID: <handler.437.B437.158866740313084@bugs.devuan.org>
Resent-Sender: owner@bugs.devuan.org
X-Devuan-PR-Message: followup 437
X-Devuan-PR-Package: tomcat8
X-Devuan-PR-Keywords: 
References: <158862207573.24044.3823604338219569371.reportbug@sys3.prometeoinformatica.it>
Received: via spool by 437-submit@bugs.devuan.org id=B437.158866740313084
          (code B ref 437); Tue, 05 May 2020 08:33:01 +0000
Received: (at 437) by bugs.devuan.org; 5 May 2020 08:30:03 +0000
Delivered-To: devuanbugs@dyne.org
Received: from tupac3.dyne.org [195.169.149.119]
	by doc.devuan.org with IMAP (fetchmail-6.4.0.beta4)
	for <debbugs@localhost> (single-drop); Tue, 05 May 2020 08:30:03 +0000 (UTC)
Received: from mx.hindley.org.uk (mohindley.plus.com [81.174.245.179])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by vm6.ganeti.dyne.org (Postfix) with ESMTPS id 5CDA1F604B7
	for <437@bugs.devuan.org>; Tue,  5 May 2020 10:22:34 +0200 (CEST)
Received: from apollo.hindleynet ([192.168.1.3] helo=hindley.org.uk)
	by mx.hindley.org.uk with smtp (Exim 4.84_2)
	(envelope-from <mark@hindley.org.uk>)
	id 1jVsqV-0004We-4Y; Tue, 05 May 2020 09:22:31 +0100
Received: (nullmailer pid 18591 invoked by uid 1000);
	Tue, 05 May 2020 08:22:30 -0000
Date: Tue, 5 May 2020 09:22:30 +0100
From: Mark Hindley <mark@hindley.org.uk>
To: 437@bugs.devuan.org, Gianluca Bonetti <gianluca.bonetti@gmail.com>
Message-ID: <20200505082230.GN32762@hindley.org.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <158862207573.24044.3823604338219569371.reportbug@sys3.prometeoinformatica.it>
User-Agent: Mutt/1.10.1 (2018-07-13)
X-Spam-Status: No, score=0.0 required=5.0 tests=FAKE_REPLY_C,SPF_PASS
	autolearn=disabled version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on tupac3.dyne.org
Control: tags -1 debian

On Mon, 04 May 2020 21:54:35 +0200 Gianluca Bonetti <gianluca.bonetti@gmail.com> wrote:
> Package: tomcat8
> Version: 8.5.54-0+deb9u1
> Severity: grave
> 
> Dear Maintainer,
> 
> Last tomcat8 upgrade, fixing CVE-2020-1938, is breaking the functionalities of Tomcat AJP connector
> in standard setup.

Gianluca,

Thanks for this. However neither tomcat8 nor apache2 are forked packages in
Devuan and we use Debian's packages directly.

Please report this issue directly to Debian's BTS.

Thanks

Mark

Send a report that this bug log contains spam.


Devuan BTS -- Powered by Debian bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.

Devuan Bugs Owner <owner@bugs.devuan.org>.
Last modified: Sat Nov 23 11:33:56 2024;