-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3428-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff December 18, 2015 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : tomcat8 CVE ID : CVE-2014-7810 It was discovered that malicious web applications could use the Expression Language to bypass protections of a Security Manager as expressions were evaluated within a privileged code section. For the stable distribution (jessie), this problem has been fixed in version 8.0.14-1+deb8u1. For the testing distribution (stretch), this problem has been fixed in version 8.0.21-2. For the unstable distribution (sid), this problem has been fixed in version 8.0.21-2. We recommend that you upgrade your tomcat8 packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJWdHblAAoJEBDCk7bDfE42uk0P/1ru4eTUHe7EYR3Bw/P/YoX2 G3jaGfxPiyS4t5sXWFmlJsz6ggCxWtjIjsAVVzDGZirrhlnw/9iwpISUGRm3iuPk MlKeFp+tRFzMxO4f4Rh+IgIWPP9Bbktq25vfgv7urujMMQYUz05iiO8PwXHnfeG4 tepkelVayBXKmbVFlGTwNQr1Byhm+/t72JjbvziF12ghHEdh4QzmkrSjOPOuxGs9 FXlkK8x5Tq+Y1fmwSDq1vEtWdW97nJ1TdhjPRoA5LbQddnU0dfWstxdT+sGu7ZMc redjYg431xKhNZ7m+wYpTuvyFkuSsWDZ8vWIznBAurhLn8zwdAuE6dhIjFFsU5KV uYEN1e1wzAFZxCMRu0q8HAMhLVy3eJLvKbcswiv9sCy/HxE3TkETZyrKqOrccs0S uO51Gq06zEUjFTOnVmu7M0Zx2yYDY10Ow/CiJFQrqTZ2TtXklFwfcxFyZpuHzH/4 xQeRlMXebVb6A67rKMnwPV8qW0iog0lM3VNBgYCuqlDgdBRw/conuCnqR4brRlLy 53crISZqUS4xsyVelSlq03yhewPqEw79meVlpKBWhAF65xM2CoWspmzXe16UbI8S SSy8KcOTX4lHQ8Ry0ftZdTNlMwwhseXZFDzU8gPJHFQecmYsXJp4CyQbh0Y4LIMR aN7VDUk2ShOfmrkJc5v3 =U1f0 -----END PGP SIGNATURE-----