Hello,

Am 15.01.20 um 18:10 schrieb Sylvain Beucler:
> Hello Thorsten,
> 
> I'm working on a tomcat7 security-only update, and checking the pending
> bugs.
> 
> /etc/cron.daily/tomcat7 uses the "copytruncate" method, which normally
> should handle this situation, where it's not possible/wanted to restart
> the server, and there's "a very small time slice between copying the
> file and truncating it, so some logging data might be lost"
> (logrotate.conf(5)), so I assume the potentially missing write is a
> known compromise.
> 
> Note: it also uses the "weekly" keyword which does not match this bug's
> mention of "not have been written to for a day".
> 
> At first glance the situation looks OK to me. What would you recommend?

The Tomcat 7 security update for Jessie and Wheezy is handled by Mike
Gabriel and myself already. I have uploaded the package to

https://people.debian.org/~apo/tomcat7/

and I am waiting for Mike's review.

Regards,

Markus

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to