Home | Devuan | Git | Forum | Packages | Popcon
Donate now!
Download

Devuan bug report logs - #437
tomcat8: Tomcat8 fix for CVE-2020-1938 breaks compatibility with Apache2 mod_proxy_ajp

version graph

Package: tomcat8; Maintainer for tomcat8 is (unknown);

Reported by: Gianluca Bonetti <gianluca.bonetti@gmail.com>

Date: Mon, 4 May 2020 20:03:02 UTC

Severity: grave

Tags: debian

Found in version 8.5.54-0+deb9u1

Forwarded to https://bugs.debian.org/959747

Full log

Message #8 received at 437@bugs.devuan.org (full text, mbox, reply):

Received: (at 437) by bugs.devuan.org; 5 May 2020 08:30:03 +0000
Return-Path: <mark@hindley.org.uk>
Delivered-To: devuanbugs@dyne.org
Received: from tupac3.dyne.org [195.169.149.119]
	by doc.devuan.org with IMAP (fetchmail-6.4.0.beta4)
	for <debbugs@localhost> (single-drop); Tue, 05 May 2020 08:30:03 +0000 (UTC)
Received: from mx.hindley.org.uk (mohindley.plus.com [81.174.245.179])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by vm6.ganeti.dyne.org (Postfix) with ESMTPS id 5CDA1F604B7
	for <437@bugs.devuan.org>; Tue,  5 May 2020 10:22:34 +0200 (CEST)
Received: from apollo.hindleynet ([192.168.1.3] helo=hindley.org.uk)
	by mx.hindley.org.uk with smtp (Exim 4.84_2)
	(envelope-from <mark@hindley.org.uk>)
	id 1jVsqV-0004We-4Y; Tue, 05 May 2020 09:22:31 +0100
Received: (nullmailer pid 18591 invoked by uid 1000);
	Tue, 05 May 2020 08:22:30 -0000
Date: Tue, 5 May 2020 09:22:30 +0100
From: Mark Hindley <mark@hindley.org.uk>
To: 437@bugs.devuan.org, Gianluca Bonetti <gianluca.bonetti@gmail.com>
Subject: Re: tomcat8: Tomcat8 fix for CVE-2020-1938 breaks compatibility with
 Apache2 mod_proxy_ajp
Message-ID: <20200505082230.GN32762@hindley.org.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <158862207573.24044.3823604338219569371.reportbug@sys3.prometeoinformatica.it>
X-Debbugs-No-Ack: No Thanks
User-Agent: Mutt/1.10.1 (2018-07-13)
X-Spam-Status: No, score=0.0 required=5.0 tests=FAKE_REPLY_C,SPF_PASS
	autolearn=disabled version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on tupac3.dyne.org

Control: tags -1 debian

On Mon, 04 May 2020 21:54:35 +0200 Gianluca Bonetti <gianluca.bonetti@gmail.com> wrote:
> Package: tomcat8
> Version: 8.5.54-0+deb9u1
> Severity: grave
> 
> Dear Maintainer,
> 
> Last tomcat8 upgrade, fixing CVE-2020-1938, is breaking the functionalities of Tomcat AJP connector
> in standard setup.

Gianluca,

Thanks for this. However neither tomcat8 nor apache2 are forked packages in
Devuan and we use Debian's packages directly.

Please report this issue directly to Debian's BTS.

Thanks

Mark

Send a report that this bug log contains spam.

Devuan BTS -- Powered by Debian bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.

Devuan Bugs Owner <owner@bugs.devuan.org>.
Last modified: Sat Apr 20 04:27:44 2024;