update trusty to newest release due to security vulnerabilities

Asked by Dylan Bijnagte

Question information

Language: English
Status: Answered
For: Ubuntu tomcat7
Assignee: No assignee
actionparsnip (andrew-woodhead666) said :
#1

I suggest you report a bug. Mark it as a security bug with those links and the package will be updated sooner rather than later

Manfred Hampl (m-hampl) said :
#2
Dylan Bijnagte (dylanbijnagte) said :
#3

Thanks, I missed the bug report in my search

DougPendergras (dpendergras) said :
#4

I have a similar issue. I've been asked by management to upgrade to latest tomcat security after my company hired a security audit.

Is there a procedure for manually applying only security updates for ubuntu 14.04 tomcat7 package?

I would like to automate security patching for Tomcat7. However my new SLA only allows for 30 day delay after security patches are made available.

actionparsnip (andrew-woodhead666) - I have not found an update for last 7 months. Did you find a way to update your tomcat7 to latest security patches?

Thank you,

Doug

Manfred Hampl (m-hampl) said :
#5

@DougPendergras:
What vulnerability are you talking about?
https://tomcat.apache.org/security-7.html lists CVE-2014-7810 as the latest vulnerability with a known fix in Apache Tomcat 7.x

This has been fixed in tomcat7 for Ubuntu 14.04 (7.0.52-1ubuntu0.3)
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-7810.html

You have to be aware that Ubuntu's strategy is not to upgrade the whole package (e.g. to 7.0.59), but to backport the bug fix to the older version (making it from 7.0.52-1 into 7.0.52-1ubuntu0.3)

DougPendergras (dpendergras) said :
#6

@Manfred Hampl (m-hampl)

Thank you for explaining that the Ubuntu Tomcat package name (7.0.52-1ubuntu0.3) will not reflect the same version format as the Tomcat packages (Apache Tomcat 7.0.59). I did not understand that.
