Autor: Mark Hindley
Data:
Para: 437, Gianluca Bonetti
Assunto: [devuan-dev] bug#437: tomcat8: Tomcat8 fix for CVE-2020-1938 breaks
compatibility with Apache2 mod_proxy_ajp
Control: tags -1 debian
On Mon, 04 May 2020 21:54:35 +0200 Gianluca Bonetti <gianluca.bonetti@???> wrote:
> Package: tomcat8
> Version: 8.5.54-0+deb9u1
> Severity: grave
>
> Dear Maintainer,
>
> Last tomcat8 upgrade, fixing CVE-2020-1938, is breaking the functionalities of Tomcat AJP connector
> in standard setup.
Gianluca,
Thanks for this. However neither tomcat8 nor apache2 are forked packages in
Devuan and we use Debian's packages directly.
Please report this issue directly to Debian's BTS.
Thanks
Mark