import tomcat-7.0.76-16.el7_9

84184975 · CentOS Sources · 90ce6a11 · 84184975 · 84184975
Commit 84184975 authored 4 years ago by CentOS Sources
Expand all Hide whitespace changes
Inline Side-by-side

Showing

with 991 additions and 1 deletion
+991 -1
--- a/SOURCES/tomcat-7.0.76-CVE-2020-1935.patch
+++ b/SOURCES/tomcat-7.0.76-CVE-2020-1935.patch
--- a/SPECS/tomcat.spec
+++ b/SPECS/tomcat.spec
@@ -54,7 +54,7 @@
 Name:          tomcat
 Epoch:         0
 Version:       %{major_version}.%{minor_version}.%{micro_version}
-Release:       15%{?dist}
+Release:       16%{?dist}
 Summary:       Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API

 Group:         System Environment/Daemons
@@ -107,6 +107,7 @@ Patch19: %{name}-7.0.76-rhbz-1795645.patch
 Patch20: %{name}-7.0.76-CVE-2019-17563.patch
 Patch21: %{name}-7.0.76-CVE-2020-9484.patch
 Patch22: %{name}-7.0.76-CVE-2020-13935.patch
+Patch23: %{name}-7.0.76-CVE-2020-1935.patch

 BuildArch:     noarch

@@ -274,6 +275,7 @@ find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name "
 %patch20 -p0
 %patch21 -p0
 %patch22 -p0
+%patch23 -p0

 %{__ln_s} $(build-classpath jakarta-taglibs-core) webapps/examples/WEB-INF/lib/jstl.jar
 %{__ln_s} $(build-classpath jakarta-taglibs-standard) webapps/examples/WEB-INF/lib/standard.jar
@@ -718,6 +720,9 @@ fi
 %attr(0644,root,root) %{_unitdir}/%{name}-jsvc.service

 %changelog
+* Wed Sep 23 2020 Hui Wang <huwang@redhat.com> 0:7.0.76-16
+- Resolves: rhbz#1814315 CVE-2020-1935 tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling
+
 * Fri Jul 17 2020 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-15
 - Resolves: CVE-2020-13935 tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS