obsolete

tomcat-8.0.53-1.fc27

FEDORA-2018-21ffebf41c created by csutherl 6 years ago for Fedora 27

This update includes a rebase from 8.0.51 up to 8.0.53 which resolves two CVEs along with various other bugs/features:

  • #1579612 CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins
  • #1607586 CVE-2018-8034 tomcat: host name verification missing in WebSocket client

This update has been submitted for testing by csutherl.

6 years ago
User Icon lobocode commented & provided feedback 6 years ago
karma

There were some inconsistencies:

 Problem 1: conflicting requests
  - nothing provides tomcat-lib = 1:8.0.53-1.fc27 needed by tomcat-1:8.0.53-1.fc27.noarch
 Problem 2: package tomcat-webapps-1:8.0.53-1.fc27.noarch requires tomcat = 1:8.0.53-1.fc27, but none of the providers can be installed
  - conflicting requests
  - nothing provides tomcat-lib = 1:8.0.53-1.fc27 needed by tomcat-1:8.0.53-1.fc27.noarch
 Problem 3: package tomcat-jsvc-1:8.0.53-1.fc27.noarch requires tomcat = 1:8.0.53-1.fc27, but none of the providers can be installed
  - conflicting requests
  - nothing provides tomcat-lib = 1:8.0.53-1.fc27 needed by tomcat-1:8.0.53-1.fc27.noarch
 Problem 4: package tomcat-docs-webapp-1:8.0.53-1.fc27.noarch requires tomcat = 1:8.0.53-1.fc27, but none of the providers can be installed
  - conflicting requests
  - nothing provides tomcat-lib = 1:8.0.53-1.fc27 needed by tomcat-1:8.0.53-1.fc27.noarch
 Problem 5: package tomcat-admin-webapps-1:8.0.53-1.fc27.noarch requires tomcat = 1:8.0.53-1.fc27, but none of the providers can be installed
  - conflicting requests
  - nothing provides tomcat-lib = 1:8.0.53-1.fc27 needed by tomcat-1:8.0.53-1.fc27.noarch

This update has been pushed to testing.

6 years ago

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

6 years ago

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

6 years ago
User Icon csutherl commented & provided feedback 6 years ago

Are you sure this isn't an environmental issue? The changes committed to rebase were minimal and should not have caused this problem. Additionally, looking at the build information in koji shows that the tomcat-lib package does in fact provide "tomcat-lib = 1:8.0.53-1.fc27". I'll setup a VM to test as soon as I can, but I don't see any cause for this at first glance.

Please log in to add feedback.

Metadata
Type
security
Karma
-1
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Thresholds
Minimum Karma
+1
Minimum Testing
7 days
Dates
submitted
6 years ago
in testing
6 years ago
Builds
1
tomcat-8.0.53-1.fc27
BZ#1579612 CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins [fedora-all]
0
0
BZ#1607586 CVE-2018-8034 tomcat: host name verification missing in WebSocket client [fedora-all]
0
0
tomcat-8.0.53-1.fc27

Automated Test Results

Copyright © 2007-2025 Red Hat, Inc. and others.

Running bodhi-server 25.5.1 on bodhi-web-181-sm2p2.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

Composes Legal Privacy policy