[ubuntu/intrepid-security] tomcat6, tomcat6 (delayed) 6.0.18-0ubuntu3.3 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Thu Feb 11 19:03:34 GMT 2010
tomcat6 (6.0.18-0ubuntu3.3) intrepid-security; urgency=low
* SECURITY UPDATE: arbitrary file creation or overwrite from directory
traversal via a .. entry in a WAR file.
- CVE-2009-2693
* SECURITY UPDATE: authentication bypass via autodeployment process
- CVE-2009-2901
* SECURITY UPDATE: work-directory file deletion via directory traversal
sequences in a WAR filename.
- CVE-2009-2902
- debian/patches/security_CVE-2009-2693_2901_2902.patch: validate file
names and paths in java/org/apache/catalina/loader/
{LocalStrings.properties,WebappClassLoader.java},
java/org/apache/catalina/startup/{ContextConfig.java,ExpandWar.java,
HostConfig.java,LocalStrings.properties}
Date: Thu, 11 Feb 2010 09:22:51 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
https://launchpad.net/ubuntu/intrepid/+source/tomcat6/6.0.18-0ubuntu3.3
-------------- next part --------------
Format: 1.8
Date: Thu, 11 Feb 2010 09:22:51 -0500
Source: tomcat6
Binary: tomcat6-common tomcat6 tomcat6-user libtomcat6-java libservlet2.5-java tomcat6-admin tomcat6-examples tomcat6-docs
Architecture: source
Version: 6.0.18-0ubuntu3.3
Distribution: intrepid-security
Urgency: low
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
libservlet2.5-java - Servlet 2.5 and JSP 2.1 Java API classes and documentation
libtomcat6-java - Servlet and JSP engine -- core libraries
tomcat6 - Servlet and JSP engine
tomcat6-admin - Servlet and JSP engine -- admin web applications
tomcat6-common - Servlet and JSP engine -- common files
tomcat6-docs - Servlet and JSP engine -- example web applications
tomcat6-examples - Servlet and JSP engine -- example web applications
tomcat6-user - Servlet and JSP engine -- tools to create user instances
Changes:
tomcat6 (6.0.18-0ubuntu3.3) intrepid-security; urgency=low
.
* SECURITY UPDATE: arbitrary file creation or overwrite from directory
traversal via a .. entry in a WAR file.
- CVE-2009-2693
* SECURITY UPDATE: authentication bypass via autodeployment process
- CVE-2009-2901
* SECURITY UPDATE: work-directory file deletion via directory traversal
sequences in a WAR filename.
- CVE-2009-2902
- debian/patches/security_CVE-2009-2693_2901_2902.patch: validate file
names and paths in java/org/apache/catalina/loader/
{LocalStrings.properties,WebappClassLoader.java},
java/org/apache/catalina/startup/{ContextConfig.java,ExpandWar.java,
HostConfig.java,LocalStrings.properties}
Checksums-Sha1:
232f4bd0fecf87f91bf227dcb97b508f97d4c59d 1379 tomcat6_6.0.18-0ubuntu3.3.dsc
6fab4f84ae94f317bc858dcc7147f42d6c72f29a 26616 tomcat6_6.0.18-0ubuntu3.3.diff.gz
Checksums-Sha256:
8721b339299e114ee88adc7691e1fbe23fcce5b7090838a34ef6341e3f104b0d 1379 tomcat6_6.0.18-0ubuntu3.3.dsc
a7ef7ffbbd092a9e4b6c4b7d71696f979b721574c428dc8ed7335840fe38d44e 26616 tomcat6_6.0.18-0ubuntu3.3.diff.gz
Files:
86363fde24b72d18e84ef451312646b1 1379 web optional tomcat6_6.0.18-0ubuntu3.3.dsc
15947847c9ba6bca5b4c7c30280c0fb8 26616 web optional tomcat6_6.0.18-0ubuntu3.3.diff.gz
Original-Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
More information about the Intrepid-changes
mailing list