TEMP-0840685-CEF76B

NameTEMP-0840685-CEF76B
DescriptionTOCTOU race condition in initscript on chown'ing JVM_TMP temporary directory
SourceAutomatically generated temporary name. Not for external reference.
Debian Bugs840685, 841655

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
tomcat7 (PTS)stretch7.0.75-1fixed
tomcat8 (PTS)stretch8.5.54-0+deb9u1fixed
stretch (security)8.5.54-0+deb9u8fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
tomcat6source(unstable)6.0.41-3
tomcat7sourcewheezy7.0.28-4+deb7u7
tomcat7sourcejessie7.0.56-3+deb8u5
tomcat7source(unstable)7.0.72-3841655
tomcat8sourcejessie8.0.14-1+deb8u4
tomcat8source(unstable)8.0.38-1840685

Notes

Workaround entry for DSA-3720-1 since no CVE assinged
Workaround entry for DSA-3721-1 since no CVE assinged
Since 7.0.72-3, src:tomcat7 only builds the Servlet API
Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie

Search for package or bug name: Reporting problems