Re: [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities

by Moritz Muehlenhoff

<chdh@...> wrote:
>> AccessControlException: access denied ... logging.properties read
>
> This is a consequence of the patch of
> /etc/tomcat5.5/policy.d/03catalina.policy for CVE-2007-5342
> (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342).

Indeed. The tomcat5.5-webapps package hasn't been adapted, since
it's for examples and documentation and not for production use.
There were also some other security problems found in these example
apps, which weren't addressed either.

Cheers,
        Moritz

