tomcat-7.0.72-1.el6

This updates includes a rebase from tomcat 7.0.70 up to 7.0.72 which resolves one CVE:

* rhbz#1375582 CVE-2016-5388 Tomcat: CGI sets environmental variable based on user supplied Proxy request header

and includes one additional CVE fix along with two bug fixes:

* rhbz#1376718 CVE-2016-1240 tomcat: Local privilege escalation via unsafe file handling in the Tomcat init script
* rhbz#1379170 jsvc script is broken
* rhbz#1170797 remove tomcat6 dependency on redhat-lsb (and any other unnecessary ones)

Leave a Reply