tomcat: CVE-CVE-2016-8745

[pts-dorianpula]

CVE-2016-8745: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8745

Affects:

• tomcat 8.0-jre7
• tomcat 8.0-jre7 alpine
• tomcat 8.0-jre8
• tomat 8.0-jre8 alpine

Issue resolved in Tomcat 8.0.40.

[pts-dorianpula]

Currently need the Tomcat project to officially release 8.0.40: https://tomcat.apache.org/download-80.cgi

[yosifkit]

We have an automated job that runs update.sh and it was failing because the Apache mirrors did not have the new version when it tried to build test the new version. It has now added docker-library/tomcat@437ad1d and docker-library/tomcat@e4ffae4 to update Tomcat 7 and 8, respectively. The next step in the process is for us to make the PR here that updates the commits in the library/tomcat file using the generate-stackbrew-library script from the tomcat repo. I'll try to get one up shortly.