Patch for Ubuntu 18

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Patch for Ubuntu 18

Celestino Federico (ETAS-SEC/ISY-IT)

Hello there,

 

Could someone tell me how to find a debdiff for tomcat8 package from version 8.5.39-1ubuntu1~18.04.3 (last version available on Ubuntu 18) and version 8.5.56?

I thank you in advance.

Best regards / Mit freundlichen Grüßen,

Federico Celestino
IT Systems Engineer

 

ESCRYPT GmbH
Wittener Str. 45, 44789 Bochum, Germany

E-mail:    [hidden email]

Business Phone:  +49 2344 3870345

Mobile Phone:  +49 1733074315


www.escrypt.com

 

Reply | Threaded
Open this post in threaded view
|

Re: Patch for Ubuntu 18

Olaf Kock

On 20.07.20 15:55, Celestino Federico (ETAS-SEC/ISY-IT) wrote:
>  
>
> Could someone tell me how to find a debdiff for tomcat8 package from
> version *8.5.39-1ubuntu1~18.04.3* (last version available on Ubuntu
> 18) and version *8.5.56*?
>
>
My expectation is that you'll have to create this yourself. In the
Debian world, they typically pick a version of any packaged software and
/might/ backport individual fixes from later releases, but won't update
to a newer minor version in most cases.

I'm not really sure where the sources are kept for the Debian packages,
but there you should be able to see the commit history, and potentially
all fixes that have been backported.

Personally, I find Tomcat releases stable (and backwards-compatible)
enough that I rarely rely on any distribution for Tomcat installations,
but rather take the stock download from tomcat.apache.org and add a
daemon start script.

Olaf


Reply | Threaded
Open this post in threaded view
|

Re: Patch for Ubuntu 18

Christopher Schultz-2
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Olaf,

On 7/20/20 10:01, Olaf Kock wrote:

>
> On 20.07.20 15:55, Celestino Federico (ETAS-SEC/ISY-IT) wrote:
>>
>>
>> Could someone tell me how to find a debdiff for tomcat8 package
>> from version *8.5.39-1ubuntu1~18.04.3* (last version available on
>> Ubuntu 18) and version *8.5.56*?
>>
>>
> My expectation is that you'll have to create this yourself. In the
> Debian world, they typically pick a version of any packaged
> software and /might/ backport individual fixes from later releases,
> but won't update to a newer minor version in most cases.
>
> I'm not really sure where the sources are kept for the Debian
> packages, but there you should be able to see the commit history,
> and potentially all fixes that have been backported.

+1

Read the CHANGELOG for the package to see if they have addressed the
specific CVE you are referencing. If not, request help from Ubuntu
support.

> Personally, I find Tomcat releases stable (and
> backwards-compatible) enough that I rarely rely on any distribution
> for Tomcat installations, but rather take the stock download from
> tomcat.apache.org and add a daemon start script.

The Debian package maintainer for Apache Tomcat is a member of this
mailing list. My guess is that an update for this is already in
progress if not already released.

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl8V1sUACgkQHPApP6U8
pFg9ihAAvxIxfvTbpuk+ewMYfr1Jx4hYtjCS0QBrCdNC5fHE6lUAREOvzb4NlkuH
KbXbOeafVN7DT8dVk34fbRz8WP7gCIS9rfaaYo0fuivF8nMGQm1XdqcdbsOMV7Ia
jSH5hVE4wBAt5JgbrJcwQArGBF1GvFPYK2ss1oXS4cJzf0I/naE2Rz4+TtmEY5bl
EQ6w5DBCv9JT5HJFr7Q+ZvkIEF6PMp6xRh+kcD5s4y9H8/AI6hCRCEn1TvKkQO7F
H6yXduKs9shOT0LKI4kxBjw+oWQ2qEUe/DLSHLen/CLV4+aHfWtm0AK6rgKzmG1/
8Wx7L/5QgLTeV4Y2PZIlTy5CVreiK4dmcQitNG3ISx6ACEEJ7kwgwYRKcCOBqRWu
eVCIwOk5WP1otuxFnsrESGNevl8GqOK42W+4BahOSEN2/jiwSDY2dPN2fk9YZC7T
c6Q644kBPUGkvsfmGBC36bxjpV9gSNIT551W0EEkCmtrfKJhmJjDYPa0uITcxCwN
h4Z5PKCumqbgjFvMZSjHuuWMq1Fb57UMUdM5lSlZcGY0rB0akf5FX0lglcAFEY7z
8CddA5UnKHLbSLQUDATtoK+tYlI3gM68dm73gSpeJCA+SoT+pNuK9l63crS9LpKj
plyL6IwrD2FGn4eG4WKx1Ov9GuOBU9xWghXutcb9zMjwcJY+GAk=
=zlcQ
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]