[ubuntu/hardy-security] tomcat5.5 5.5.25-5ubuntu1.3 (Accepted)

James Page james.page at ubuntu.com
Thu Oct 13 00:03:18 UTC 2011 

tomcat5.5 (5.5.25-5ubuntu1.3) hardy-security; urgency=low

  * SECURITY UPDATE: Apache Tomcat Authentication bypass and information
    disclosure (LP: #843701).
   - connectors/jk/java/org/apache/coyote/ajp/AjpAprProcessor.java: Prevent AJP
     request forgery via unread request body packet - upstream patch from Mark
     Thomas
   - http://svn.apache.org/viewvc?view=revision&revision=1162960
   - CVE-2011-3190

Date: Mon, 26 Sep 2011 11:42:02 +0100
Changed-By: James Page <james.page at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/hardy/+source/tomcat5.5/5.5.25-5ubuntu1.3
-------------- next part --------------
Format: 1.7
Date: Mon, 26 Sep 2011 11:42:02 +0100
Source: tomcat5.5
Binary: tomcat5.5 libtomcat5.5-java tomcat5.5-webapps tomcat5.5-admin
Architecture: source
Version: 5.5.25-5ubuntu1.3
Distribution: hardy-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: James Page <james.page at ubuntu.com>
Description: 
 libtomcat5.5-java - Java Servlet engine -- core libraries
 tomcat5.5  - Servlet and JSP engine
 tomcat5.5-admin - Java Servlet engine -- admin & manager web interfaces
 tomcat5.5-webapps - Java Servlet engine -- documentation and example web applications
Launchpad-Bugs-Fixed: 843701
Changes: 
 tomcat5.5 (5.5.25-5ubuntu1.3) hardy-security; urgency=low
 .
   * SECURITY UPDATE: Apache Tomcat Authentication bypass and information
     disclosure (LP: #843701).
    - connectors/jk/java/org/apache/coyote/ajp/AjpAprProcessor.java: Prevent AJP
      request forgery via unread request body packet - upstream patch from Mark
      Thomas
    - http://svn.apache.org/viewvc?view=revision&revision=1162960
    - CVE-2011-3190
Files: 
 ed175ea2b403c17fa1b1ad046f924c16 2093 web optional tomcat5.5_5.5.25-5ubuntu1.3.dsc
 b7cdc8808fc36a4d715bb184f75b9fd2 36713 web optional tomcat5.5_5.5.25-5ubuntu1.3.diff.gz
Original-Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>

More information about the Hardy-changes mailing list