* Markus Koschany: > Am 28.03.2016 um 18:07 schrieb Markus Koschany: >> [first e-mail failed, attachment is compressed now] >> >> Hello Security Team, hello Java Team >> >> I have prepared security updates for Tomcat 7 fixing 9 CVEs in Wheezy >> and 7 CVEs in Jessie. > > Hi, > > since I haven't heard anything negative about the security update for > Tomcat7 so far, I'm hereby sending you the final debdiffs for Wheezy and > Jessie. > > After further investigation into the test failures I'm convinced now > that they are unrelated to the update because they also occur with the > current version and it seems they can be traced back to an update of > OpenJDK 7. According to [1] the error is caused by stricter checking of > values in cookie names. The error message is: > > Illegal character(s) in message header field: Cookie:
Yes, the test appears to be broken. I found this upstream commit: ------------------------------------------------------------------------ r1715547 | fschumacher | 2015-11-21 18:54:14 +0100 (Sat, 21 Nov 2015) | 4 lines Don't add ":" to cookie name. It is illegal in newer jre. Merge from r1715544 /tomcat/tc8.0.x/trunk Packaging-wise, the changes look okay. Could you please upload? Thanks, Florian
