FEDORA-2018-21ffebf41c created by csutherl a year ago for Fedora 27
obsolete

This update includes a rebase from 8.0.51 up to 8.0.53 which resolves two CVEs along with various other bugs/features:

  • #1579612 CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins
  • #1607586 CVE-2018-8034 tomcat: host name verification missing in WebSocket client
This update has been submitted for testing by csutherl. a year ago
lobocode commented & provided feedback a year ago

There were some inconsistencies:

 Problem 1: conflicting requests
  - nothing provides tomcat-lib = 1:8.0.53-1.fc27 needed by tomcat-1:8.0.53-1.fc27.noarch
 Problem 2: package tomcat-webapps-1:8.0.53-1.fc27.noarch requires tomcat = 1:8.0.53-1.fc27, but none of the providers can be installed
  - conflicting requests
  - nothing provides tomcat-lib = 1:8.0.53-1.fc27 needed by tomcat-1:8.0.53-1.fc27.noarch
 Problem 3: package tomcat-jsvc-1:8.0.53-1.fc27.noarch requires tomcat = 1:8.0.53-1.fc27, but none of the providers can be installed
  - conflicting requests
  - nothing provides tomcat-lib = 1:8.0.53-1.fc27 needed by tomcat-1:8.0.53-1.fc27.noarch
 Problem 4: package tomcat-docs-webapp-1:8.0.53-1.fc27.noarch requires tomcat = 1:8.0.53-1.fc27, but none of the providers can be installed
  - conflicting requests
  - nothing provides tomcat-lib = 1:8.0.53-1.fc27 needed by tomcat-1:8.0.53-1.fc27.noarch
 Problem 5: package tomcat-admin-webapps-1:8.0.53-1.fc27.noarch requires tomcat = 1:8.0.53-1.fc27, but none of the providers can be installed
  - conflicting requests
  - nothing provides tomcat-lib = 1:8.0.53-1.fc27 needed by tomcat-1:8.0.53-1.fc27.noarch
This update has been pushed to testing. a year ago
Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe. a year ago
This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes a year ago
csutherl commented & provided feedback a year ago

Are you sure this isn't an environmental issue? The changes committed to rebase were minimal and should not have caused this problem. Additionally, looking at the build information in koji shows that the tomcat-lib package does in fact provide "tomcat-lib = 1:8.0.53-1.fc27". I'll set up a VM to test as soon as I can, but I don't see any cause for this at first glance.



Metadata
Type: security
Karma: -1
Signed
Content Type: RPM
Test Gating
Settings
Unstable by Karma: -3
Dates
submitted: a year ago
in testing: a year ago
BZ#1579612 CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins [fedora-all]
BZ#1607586 CVE-2018-8034 tomcat: host name verification missing in WebSocket client [fedora-all]
