Hello, Am 15.01.20 um 18:10 schrieb Sylvain Beucler: > Hello Thorsten, > > I'm working on a tomcat7 security-only update, and checking the pending > bugs. > > /etc/cron.daily/tomcat7 uses the "copytruncate" method, which normally > should handle this situation, where it's not possible/wanted to restart > the server, and there's "a very small time slice between copying the > file and truncating it, so some logging data might be lost" > (logrotate.conf(5)), so I assume the potentially missing write is a > known compromise. > > Note: it also uses the "weekly" keyword which does not match this bug's > mention of "not have been written to for a day". > > At first glance the situation looks OK to me. What would you recommend?
The Tomcat 7 security update for Jessie and Wheezy is handled by Mike Gabriel and myself already. I have uploaded the package to https://people.debian.org/~apo/tomcat7/ and I am waiting for Mike's review. Regards, Markus
signature.asc
Description: OpenPGP digital signature

