[ubuntu/karmic-security] tomcat6, tomcat6 (delayed) 6.0.20-2ubuntu2.1 (Accepted)

Ubuntu Installer archive at ubuntu.com
Thu Feb 11 19:03:21 GMT 2010


tomcat6 (6.0.20-2ubuntu2.1) karmic-security; urgency=low

  * SECURITY UPDATE: arbitrary file creation or overwrite from directory
    traversal via a .. entry in a WAR file.
    - CVE-2009-2693
  * SECURITY UPDATE: authentication bypass via autodeployment process
    - CVE-2009-2901
  * SECURITY UPDATE: work-directory file deletion via directory traversal
    sequences in a WAR filename.
    - CVE-2009-2902
    - debian/patches/security_CVE-2009-2693_2901_2902.patch: validate file
      names and paths in java/org/apache/catalina/loader/
      {LocalStrings.properties,WebappClassLoader.java},
      java/org/apache/catalina/startup/{ContextConfig.java,ExpandWar.java,
      HostConfig.java,LocalStrings.properties}

Date: Wed, 10 Feb 2010 15:46:14 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/karmic/+source/tomcat6/6.0.20-2ubuntu2.1
-------------- next part --------------
Format: 1.8
Date: Wed, 10 Feb 2010 15:46:14 -0500
Source: tomcat6
Binary: tomcat6-common tomcat6 tomcat6-user libtomcat6-java libservlet2.5-java libservlet2.5-java-doc tomcat6-admin tomcat6-examples tomcat6-docs
Architecture: source
Version: 6.0.20-2ubuntu2.1
Distribution: karmic-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 libservlet2.5-java - Servlet 2.5 and JSP 2.1 Java API classes
 libservlet2.5-java-doc - Servlet 2.5 and JSP 2.1 Java API documentation
 libtomcat6-java - Servlet and JSP engine -- core libraries
 tomcat6    - Servlet and JSP engine
 tomcat6-admin - Servlet and JSP engine -- admin web applications
 tomcat6-common - Servlet and JSP engine -- common files
 tomcat6-docs - Servlet and JSP engine -- example web applications
 tomcat6-examples - Servlet and JSP engine -- example web applications
 tomcat6-user - Servlet and JSP engine -- tools to create user instances
Changes: 
 tomcat6 (6.0.20-2ubuntu2.1) karmic-security; urgency=low
 .
   * SECURITY UPDATE: arbitrary file creation or overwrite from directory
     traversal via a .. entry in a WAR file.
     - CVE-2009-2693
   * SECURITY UPDATE: authentication bypass via autodeployment process
     - CVE-2009-2901
   * SECURITY UPDATE: work-directory file deletion via directory traversal
     sequences in a WAR filename.
     - CVE-2009-2902
     - debian/patches/security_CVE-2009-2693_2901_2902.patch: validate file
       names and paths in java/org/apache/catalina/loader/
       {LocalStrings.properties,WebappClassLoader.java},
       java/org/apache/catalina/startup/{ContextConfig.java,ExpandWar.java,
       HostConfig.java,LocalStrings.properties}
Checksums-Sha1: 
 04d468df1dd4f076aca1b9b7a05b7f2c72d3dcec 1564 tomcat6_6.0.20-2ubuntu2.1.dsc
 0e20ff457ae1d39f968749855a048e53f45e01bb 24200 tomcat6_6.0.20-2ubuntu2.1.diff.gz
Checksums-Sha256: 
 e793d21c5f34c04f90b5527aacb9a4606ccd986fee3db6c8a3e6a15dd4522eeb 1564 tomcat6_6.0.20-2ubuntu2.1.dsc
 764fc95abecdabeab9c394a27e516ab6326fbe10e6bf1e5b9f0bba21f0a50ba1 24200 tomcat6_6.0.20-2ubuntu2.1.diff.gz
Files: 
 9c02cfcdbf44123e1d1f669c23256109 1564 java optional tomcat6_6.0.20-2ubuntu2.1.dsc
 0301e8b6886eed5acfe1135262564354 24200 java optional tomcat6_6.0.20-2ubuntu2.1.diff.gz
Original-Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>


More information about the Karmic-changes mailing list