Re: [SECURITY] [DSA 1447-1] New tomcat5.5 packages fix several vulnerabilities

On Don, 2008-01-03 at 22:54 +0100, Moritz Muehlenhoff wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - ------------------------------------------------------------------------
> Debian Security Advisory DSA-1447-1 security@debian.org
> http://www.debian.org/security/ Moritz Muehlenhoff
> January 03, 2008 http://www.debian.org/security/faq
> - ------------------------------------------------------------------------
>
> Package : tomcat5.5
> Vulnerability : several
> Problem type : remote
> Debian-specific: no
> CVE Id(s) : CVE-2007-3382 CVE-2007-3385 CVE-2007-3386 CVE-2007-5342 CVE-2007-5461
>

installing the update breaks webapps

with the following error
org.apache.commons.logging.LogConfigurationException: java.security.AccessControlException: access denied (java.io.FilePermission /home/nihil/www/java/WEB-INF/classes/logging.properties read) (Caused by java.security.AccessControlException: access denied (java.io.FilePermission /home/nihil/www/java/WEB-INF/classes/logging.properties read)) (it worked before the update and permission are set correctly, i double checked)

this is also the case for tomcat5.5-webapps packages which doesnt work anymore.

best regards, michael

-- 
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org