Author: markt
Date: Fri Jan 27 09:48:50 2017
New Revision: 1780528
URL: http://svn.apache.org/viewvc?rev=1780528&view=rev
Log:
Update the fix versions and release dates now the votes for 8.0.x and 7..x have
passed.
Add the usual text regarding fixes in releases where the release vote did not
pass.
Modified:
tomcat/site/trunk/docs/security-6.html
tomcat/site/trunk/docs/security-7.html
tomcat/site/trunk/docs/security-8.html
tomcat/site/trunk/xdocs/security-6.xml
tomcat/site/trunk/xdocs/security-7.xml
tomcat/site/trunk/xdocs/security-8.xml
Modified: tomcat/site/trunk/docs/security-6.html
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=1780528&r1=1780527&r2=1780528&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-6.html (original)
+++ tomcat/site/trunk/docs/security-6.html Fri Jan 27 09:48:50 2017
@@ -219,7 +219,7 @@
<a href="#Apache_Tomcat_6.x_vulnerabilities">Apache Tomcat 6.x
vulnerabilities</a>
</li>
<li>
-<a href="#Fixed_in_Apache_Tomcat_6.0.49">Fixed in Apache Tomcat 6.0.49</a>
+<a href="#Fixed_in_Apache_Tomcat_6.0.50">Fixed in Apache Tomcat 6.0.50</a>
</li>
<li>
<a href="#Fixed_in_Apache_Tomcat_6.0.48">Fixed in Apache Tomcat 6.0.48</a>
@@ -340,12 +340,21 @@
</div>
-<h3 id="Fixed_in_Apache_Tomcat_6.0.49">
-<span style="float: right;">not yet released</span> Fixed in Apache Tomcat
6.0.49</h3>
+<h3 id="Fixed_in_Apache_Tomcat_6.0.50">
+<span style="float: right;">not yet released</span> Fixed in Apache Tomcat
6.0.50</h3>
<div class="text">
<p>
+<i>Note: The issue below was fixed in Apache Tomcat 6.0.49 but the
+ release vote for the 6.0.49 release candidate did not pass. Therefore,
+ although users must download 6.0.50 to obtain a version that includes
+ the fix for this issue, version 6.0.49 is not included in the list of
+ affected versions.</i>
+</p>
+
+
+<p>
<strong>Important: Information Disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8745";
rel="nofollow">CVE-2016-8745</a>
</p>
Modified: tomcat/site/trunk/docs/security-7.html
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-7.html?rev=1780528&r1=1780527&r2=1780528&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-7.html (original)
+++ tomcat/site/trunk/docs/security-7.html Fri Jan 27 09:48:50 2017
@@ -219,7 +219,7 @@
<a href="#Apache_Tomcat_7.x_vulnerabilities">Apache Tomcat 7.x
vulnerabilities</a>
</li>
<li>
-<a href="#Fixed_in_Apache_Tomcat_7.0.74">Fixed in Apache Tomcat 7.0.74</a>
+<a href="#Fixed_in_Apache_Tomcat_7.0.75">Fixed in Apache Tomcat 7.0.75</a>
</li>
<li>
<a href="#Fixed_in_Apache_Tomcat_7.0.73">Fixed in Apache Tomcat 7.0.73</a>
@@ -366,8 +366,8 @@
</div>
-<h3 id="Fixed_in_Apache_Tomcat_7.0.74">
-<span style="float: right;">not yet released</span> Fixed in Apache Tomcat
7.0.74</h3>
+<h3 id="Fixed_in_Apache_Tomcat_7.0.75">
+<span style="float: right;">24 January 2017</span> Fixed in Apache Tomcat
7.0.75</h3>
<div class="text">
@@ -377,6 +377,15 @@
</p>
+<p>
+<i>Note: The issue below was fixed in Apache Tomcat 7.0.74 but the
+ release vote for the 7.0.74 release candidate did not pass. Therefore,
+ although users must download 7.0.75 to obtain a version that includes
+ the fix for this issue, version 7.0.74 is not included in the list of
+ affected versions.</i>
+</p>
+
+
<p>A bug in the error handling of the send file code for the NIO HTTP
connector resulted in the current Processor object being added to the
Processor cache multiple times. This in turn meant that the same
Modified: tomcat/site/trunk/docs/security-8.html
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-8.html?rev=1780528&r1=1780527&r2=1780528&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-8.html (original)
+++ tomcat/site/trunk/docs/security-8.html Fri Jan 27 09:48:50 2017
@@ -219,7 +219,7 @@
<a href="#Apache_Tomcat_8.x_vulnerabilities">Apache Tomcat 8.x
vulnerabilities</a>
</li>
<li>
-<a href="#Fixed_in_Apache_Tomcat_8.0.40">Fixed in Apache Tomcat 8.0.40</a>
+<a href="#Fixed_in_Apache_Tomcat_8.0.41">Fixed in Apache Tomcat 8.0.41</a>
</li>
<li>
<a href="#Fixed_in_Apache_Tomcat_8.5.9">Fixed in Apache Tomcat 8.5.9</a>
@@ -318,12 +318,21 @@
</div>
-<h3 id="Fixed_in_Apache_Tomcat_8.0.40">
-<span style="float: right;">not yet released</span> Fixed in Apache Tomcat
8.0.40</h3>
+<h3 id="Fixed_in_Apache_Tomcat_8.0.41">
+<span style="float: right;">24 January 2017</span> Fixed in Apache Tomcat
8.0.41</h3>
<div class="text">
<p>
+<i>Note: The issue below was fixed in Apache Tomcat 8.0.40 but the
+ release vote for the 8.0.40 release candidate did not pass. Therefore,
+ although users must download 8.0.41 to obtain a version that includes
+ the fix for this issue, version 8.0.40 is not included in the list of
+ affected versions.</i>
+</p>
+
+
+<p>
<strong>Important: Information Disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8745";
rel="nofollow">CVE-2016-8745</a>
</p>
Modified: tomcat/site/trunk/xdocs/security-6.xml
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?rev=1780528&r1=1780527&r2=1780528&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-6.xml (original)
+++ tomcat/site/trunk/xdocs/security-6.xml Fri Jan 27 09:48:50 2017
@@ -48,7 +48,13 @@
</section>
- <section name="Fixed in Apache Tomcat 6.0.49" rtext="not yet released">
+ <section name="Fixed in Apache Tomcat 6.0.50" rtext="not yet released">
+
+ <p><i>Note: The issue below was fixed in Apache Tomcat 6.0.49 but the
+ release vote for the 6.0.49 release candidate did not pass. Therefore,
+ although users must download 6.0.50 to obtain a version that includes
+ the fix for this issue, version 6.0.49 is not included in the list of
+ affected versions.</i></p>
<p><strong>Important: Information Disclosure</strong>
<cve>CVE-2016-8745</cve></p>
Modified: tomcat/site/trunk/xdocs/security-7.xml
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-7.xml?rev=1780528&r1=1780527&r2=1780528&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-7.xml (original)
+++ tomcat/site/trunk/xdocs/security-7.xml Fri Jan 27 09:48:50 2017
@@ -50,11 +50,17 @@
</section>
- <section name="Fixed in Apache Tomcat 7.0.74" rtext="not yet released">
+ <section name="Fixed in Apache Tomcat 7.0.75" rtext="24 January 2017">
<p><strong>Important: Information Disclosure</strong>
<cve>CVE-2016-8745</cve></p>
+ <p><i>Note: The issue below was fixed in Apache Tomcat 7.0.74 but the
+ release vote for the 7.0.74 release candidate did not pass. Therefore,
+ although users must download 7.0.75 to obtain a version that includes
+ the fix for this issue, version 7.0.74 is not included in the list of
+ affected versions.</i></p>
+
<p>A bug in the error handling of the send file code for the NIO HTTP
connector resulted in the current Processor object being added to the
Processor cache multiple times. This in turn meant that the same
Modified: tomcat/site/trunk/xdocs/security-8.xml
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-8.xml?rev=1780528&r1=1780527&r2=1780528&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-8.xml (original)
+++ tomcat/site/trunk/xdocs/security-8.xml Fri Jan 27 09:48:50 2017
@@ -50,7 +50,13 @@
</section>
- <section name="Fixed in Apache Tomcat 8.0.40" rtext="not yet released">
+ <section name="Fixed in Apache Tomcat 8.0.41" rtext="24 January 2017">
+
+ <p><i>Note: The issue below was fixed in Apache Tomcat 8.0.40 but the
+ release vote for the 8.0.40 release candidate did not pass. Therefore,
+ although users must download 8.0.41 to obtain a version that includes
+ the fix for this issue, version 8.0.40 is not included in the list of
+ affected versions.</i></p>
<p><strong>Important: Information Disclosure</strong>
<cve>CVE-2016-8745</cve></p>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
