Thanks for reworking this. This is quite the patch set! :) I can confirm that it run the testsuite with no added failures or errors. Comparing the buildlogs also looks good. In reviewing these: CVE-2011-3375.patch - ACK CVE-2011-3376.patch - ACK CVE-2012-0022.patch - ACK (had some whitespace changes, but ok) CVE-2012-2733.patch - ACK CVE-2012-3439.patch - not all commits are mentioned in the patch CVE-2012-3546.patch - ACK CVE-2012-4431.patch - ACK CVE-2012-4534.patch - ACK
Can you comment more on CVE-2012-3439.patch? I compared it to upstream's http://svn.apache.org/viewvc?view=rev&rev=1377807 as per your DEP-3 comments, but there were quite a few changes. You mentioned that you "Cherrypicked changes in TesterDigestAuthenticatorPerformance.java to adapt to the changes made in the other files since test cases for 7.0.30 are completely different to the one in 7.0.21", which is fine, but those cherrypicked commits should also be listed. Thanks for all your hard work on this. We're close! :) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1115053 Title: Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tomcat7/+bug/1115053/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
