[Bug 1115053] Re: Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10
Jamie Strandboge
jamie at ubuntu.com
Tue Apr 2 14:56:17 UTC 2013
There was nothing added to the package regarding startup. The user
reports after using update-rc.d to manage when tomcat7 would start, when
upgrading, they are added back. Note that the update-rc.d manpage
states: "Please note that this program was designed for use in
package maintainer scripts and, accordingly, has only the very
limited functionality required by such scripts. System administrators
are not encouraged to use update-rc.d to manage runlevels." This is
arguably a problem in the tomcat7 packaging, not a problem with this
security update. Looking at /var/lib/dpkg/info/tomcat7.postinst,
dh_installinit will unconditionally add the files back. Often, server
software is packaged such that the initscript will honor
/etc/default/.... /etc/default/tomcat7 does exist, but there is no
setting in there to short circuit startup.
As I understand the current tomcat7 packaging after looking at it for a
few minutes, rather than using update-rc.d, the user should either edit
settings in /etc/tomcat7 or add an 'exit 0' to /etc/init.d/tomcat7 if
tomcat7 should be installed but not started.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to tomcat7 in Ubuntu.
https://bugs.launchpad.net/bugs/1115053
Title:
Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tomcat7/+bug/1115053/+subscriptions
More information about the Ubuntu-server-bugs
mailing list