[Bug 804992] New: tomcat: sanitize the CLASSPATH before start a service
https://bugzilla.novell.com/show_bug.cgi?id=804992 https://bugzilla.novell.com/show_bug.cgi?id=804992#c0 Summary: tomcat: sanitize the CLASSPATH before start a service Classification: openSUSE Product: openSUSE 12.3 Version: RC 1 Platform: Other OS/Version: Other Status: ASSIGNED Severity: Normal Priority: P5 - None Component: Java AssignedTo: mvyskocil@suse.com ReportedBy: mvyskocil@suse.com QAContact: qa-bugs@suse.de Found By: Community User Blocker: --- background: https://build.opensuse.org/request/show/15558 http://youtrack.jetbrains.com/issue/JT-18545 the CLASSPATH should be sanitized: 1.) remove trailing colons 2.) remove :: @maintenance, please add it to planned list for 12.2, 12.1, sle-10, sle-11. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=804992 https://bugzilla.novell.com/show_bug.cgi?id=804992#c1 --- Comment #1 from Bernhard Wiedemann <bwiedemann@suse.com> 2013-02-21 16:00:48 CET --- This is an autogenerated message for OBS integration: This bug (804992) was mentioned in https://build.opensuse.org/request/show/155984 Factory / tomcat -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=804992 https://bugzilla.novell.com/show_bug.cgi?id=804992#c2 --- Comment #2 from Андрей Кувшинов <m407@mail.ru> 2013-02-21 16:39:45 UTC --- https://build.opensuse.org/request/show/155580 - correct URL for request -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=804992 https://bugzilla.novell.com/show_bug.cgi?id=804992#c3 Michal Vyskocil <mvyskocil@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO InfoProvider| |maint-coord@suse.de --- Comment #3 from Michal Vyskocil <mvyskocil@suse.com> 2013-03-14 12:50:37 UTC --- Hi maintenance, please add this bug to the list of planned updates for tomcat (jakarta-tomcat, tomcat5, tomcat6). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=804992 https://bugzilla.novell.com/show_bug.cgi?id=804992#c Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard| |maint:planned:update -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=804992 https://bugzilla.novell.com/show_bug.cgi?id=804992#c4 Leonardo Chiquitto <lchiquitto@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED CC| |lchiquitto@suse.com InfoProvider|maint-coord@suse.de | --- Comment #4 from Leonardo Chiquitto <lchiquitto@suse.com> 2013-03-18 15:20:58 UTC --- Done. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=804992 https://bugzilla.novell.com/show_bug.cgi?id=804992#c5 --- Comment #5 from Michal Vyskocil <mvyskocil@suse.com> 2013-07-26 13:09:26 UTC --- fixed with bnc#822177 for tomcat, tomcat6 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=804992 https://bugzilla.novell.com/show_bug.cgi?id=804992#c7 --- Comment #7 from Bernhard Wiedemann <bwiedemann@suse.com> 2013-07-26 16:00:16 CEST --- This is an autogenerated message for OBS integration: This bug (804992) was mentioned in https://build.opensuse.org/request/show/184435 Maintenance / -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=804992 https://bugzilla.novell.com/show_bug.cgi?id=804992#c Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:planned:update |maint:planned:update | |obs:running:1890:moderate -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=804992 https://bugzilla.novell.com/show_bug.cgi?id=804992#c8 --- Comment #8 from Bernhard Wiedemann <bwiedemann@suse.com> 2013-07-30 16:00:17 CEST --- This is an autogenerated message for OBS integration: This bug (804992) was mentioned in https://build.opensuse.org/request/show/184951 Maintenance / -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=804992 https://bugzilla.novell.com/show_bug.cgi?id=804992#c Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:planned:update |maint:planned:update |obs:running:1890:moderate |obs:running:1890:moderate | |maint:running:53781:moderat | |e -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=804992 https://bugzilla.novell.com/show_bug.cgi?id=804992#c Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:planned:update |maint:planned:update |obs:running:1890:moderate |maint:running:53781:moderat |maint:running:53781:moderat |e |e | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=804992 https://bugzilla.novell.com/show_bug.cgi?id=804992#c11 --- Comment #11 from Swamp Workflow Management <swamp@suse.de> 2013-08-07 08:04:58 UTC --- openSUSE-SU-2013:1307-1: An update that solves three vulnerabilities and has two fixes is now available. Category: security (moderate) Bug References: 768772,804992,822177,831117,831119 CVE References: CVE-2013-1976,CVE-2013-2067,CVE-2013-3544 Sources used: openSUSE 12.2 (src): tomcat-7.0.27-2.19.1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=804992 https://bugzilla.novell.com/show_bug.cgi?id=804992#c Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:planned:update |maint:planned:update |maint:running:53781:moderat |maint:running:53781:moderat |e |e obs:running:1890:moderate -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=804992 https://bugzilla.novell.com/show_bug.cgi?id=804992#c12 --- Comment #12 from Klaus Wagner <kgw@suse.com> 2013-08-14 12:44:29 UTC --- Re: Update candidate tomcat6-6.0.18-20.35.42.1 for SLE-11 SP3 and SP2 Here source files tomcat6-6.0.jasper.sh and tomcat6-6.0.wrapper were modified by adding the statement CLASSPATH="`echo ${CLASSPATH} | sed 's/::+/:/g; s/^://; s/:$//g'`" for sanitizing purposes. This does not work properly (sed does not regard + as a metacharacter). For instance, each of the following corrections would do instead: CLASSPATH="`echo ${CLASSPATH} | sed 's/::\+/:/g; s/^://; s/:$//g'`" CLASSPATH="`echo ${CLASSPATH} | sed 's/:::*/:/g; s/^://; s/:$//g'`" (cosmetics: also, s/:$// rather than s/:$//g is enough). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=804992 https://bugzilla.novell.com/show_bug.cgi?id=804992#c Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:planned:update |maint:planned:update |maint:running:53781:moderat |maint:running:53781:moderat |e obs:running:1890:moderate |e -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=804992 https://bugzilla.novell.com/show_bug.cgi?id=804992#c13 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:planned:update | |maint:running:53781:moderat |maint:running:53781:moderat |e |e | |maint:released:sle11-sp2:53 | |857 --- Comment #13 from Swamp Workflow Management <swamp@suse.de> 2013-08-22 22:15:32 UTC --- Update released for: tomcat6, tomcat6-admin-webapps, tomcat6-docs-webapp, tomcat6-javadoc, tomcat6-jsp-2_1-api, tomcat6-lib, tomcat6-servlet-2_5-api, tomcat6-webapps Products: SLE-SERVER 11-SP2 (i386, ia64, ppc64, s390x, x86_64) SLES4VMWARE 11-SP2 (i386, x86_64) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=804992 https://bugzilla.novell.com/show_bug.cgi?id=804992#c14 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard| | |maint:running:53781:moderat |maint:running:53781:moderat |e |e |maint:released:sle11-sp2:53 |maint:released:sle11-sp3:53 |857 |858 --- Comment #14 from Swamp Workflow Management <swamp@suse.de> 2013-08-22 22:20:36 UTC --- Update released for: tomcat6, tomcat6-admin-webapps, tomcat6-docs-webapp, tomcat6-javadoc, tomcat6-jsp-2_1-api, tomcat6-lib, tomcat6-servlet-2_5-api, tomcat6-webapps Products: SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLES4VMWARE 11-SP3 (i386, x86_64) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=804992 https://bugzilla.novell.com/show_bug.cgi?id=804992#c15 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard| | |maint:running:53781:moderat |maint:running:53781:moderat |e |e |maint:released:sle11-sp3:53 |maint:released:sle11-sp3:53 |858 |858 | |maint:released:sle11-sp1:53 | |856 --- Comment #15 from Swamp Workflow Management <swamp@suse.de> 2013-08-22 22:46:27 UTC --- Update released for: tomcat6, tomcat6-admin-webapps, tomcat6-docs-webapp, tomcat6-javadoc, tomcat6-jsp-2_1-api, tomcat6-lib, tomcat6-servlet-2_5-api, tomcat6-webapps Products: SLE-SERVER 11-SP1-TERADATA (x86_64) SUSE-MANAGER 1.2 (x86_64) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=804992 https://bugzilla.novell.com/show_bug.cgi?id=804992#c16 Matthias Weckbecker <mweckbecker@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED --- Comment #16 from Matthias Weckbecker <mweckbecker@suse.com> 2013-08-27 12:15:14 CEST --- released -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=804992 https://bugzilla.novell.com/show_bug.cgi?id=804992#c Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard| |maint:released:sle11-sp3:53 |maint:running:53781:moderat |858 |e |maint:released:sle11-sp1:53 |maint:released:sle11-sp3:53 |856 |858 | |maint:released:sle11-sp1:53 | |856 | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=804992 https://bugzilla.novell.com/show_bug.cgi?id=804992#c17 SMASH SMASH <smash_bz@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|maint:released:sle11-sp3:53 |maint:released:sle11-sp3:53 |858 |858 |maint:released:sle11-sp1:53 |maint:released:sle11-sp1:53 |856 |856 maint:planned:update --- Comment #17 from SMASH SMASH <smash_bz@suse.de> 2014-07-18 01:00:50 UTC --- Affected packages: SLE-10-SP4: tomcat5 SLE-9-SP4: jakarta-tomcat -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=804992 http://bugzilla.novell.com/show_bug.cgi?id=804992#c18 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|maint:released:sle11-sp3:53 |maint:released:sle11-sp3:53 |858 |858 |maint:released:sle11-sp1:53 |maint:released:sle11-sp1:53 |856 maint:planned:update |856 | |maint:running:62898:moderat | |e --- Comment #18 from Swamp Workflow Management <swamp@suse.de> --- An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2016-07-29. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/62898 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=804992 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|maint:released:sle11-sp3:53 |maint:released:sle11-sp3:53 |858 |858 |maint:released:sle11-sp1:53 |maint:released:sle11-sp1:53 |856 |856 |maint:running:62898:moderat |maint:running:62898:moderat |e |e maint:planned:update -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com