-
Committer:
Package Import Robot
-
Author(s):
Marc Deslauriers
-
Date:
2015-06-19 09:52:59 UTC
-
Revision ID:
package-import@ubuntu.com-20150619095259-iuwo6rgyti61ngf7
Tags: 7.0.55-1ubuntu0.2
* SECURITY UPDATE: SecurityManager bypass via Expression Language
- debian/patches/CVE-2014-7810.patch: handle classes that may not be
accessible but have accessible interfaces in
java/javax/el/BeanELResolver.java, remove unnecessary code in
java/org/apache/jasper/runtime/PageContextImpl.java,
java/org/apache/jasper/security/SecurityClassLoad.java.
- CVE-2014-7810
* Replace expired ssl certs and use TLS to fix tests causing FTBFS:
- debian/patches/0022-use-tls-in-ssl-unit-tests.patch
- debian/patches/0023-replace-expired-ssl-certificates.patch
- debian/source/include-binaries