From 00b9240636a67d980f24d6cac611b33d2575761e Mon Sep 17 00:00:00 2001 From: Coty Sutherland Date: Mon, 4 Mar 2019 15:28:28 -0500 Subject: [PATCH] Update to JWS 5.0.2 distribution --- pki-servlet-container.spec | 8 +++++--- sources | 2 +- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/pki-servlet-container.spec b/pki-servlet-container.spec index 495140b..200608e 100644 --- a/pki-servlet-container.spec +++ b/pki-servlet-container.spec @@ -31,7 +31,7 @@ %global major_version 9 %global minor_version 0 %global micro_version 7 -%global redhat_version 12 +%global redhat_version 16 %global packdname apache-tomcat-%{version}.redhat-%{redhat_version}-src # Specification versions @@ -455,8 +455,10 @@ fi %{_mavenpomdir}/JPP-tomcat-servlet-api.pom %changelog -* Fri Nov 09 2018 Coty Sutherland - 1:9.0.7-14 -- Update to JWS 5.0.1 distribution +* Mon Mar 04 2019 Coty Sutherland - 1:9.0.7-14 +- Update to JWS 5.0.2 distribution +- Resolves: rhbz#1658846 CVE-2018-8034 pki-servlet-container: tomcat: host name verification missing in WebSocket client +- Resolves: rhbz#1579614 CVE-2018-8014 pki-servlet-container: tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins - Resolves: rhbz#1619232 - CVE-2018-8037 pki-servlet-container: tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up - Resolves: rhbz#1641874 - CVE-2018-11784 pki-servlet-container: tomcat: Open redirect in default servlet diff --git a/sources b/sources index cd377bb..e65120b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -1e8f64d492694b76faee6c0825e0adf3 tomcat-9.0.7.redhat-12-src.zip +cab3a9624554d5bd07bff460251bddab tomcat-9.0.7.redhat-16-src.zip