[ubuntu/lucid-security] tomcat6, tomcat6 (delayed) 6.0.24-2ubuntu1.7 (Accepted)

Ubuntu Installer archive at ubuntu.com
Tue Mar 29 17:04:03 UTC 2011


tomcat6 (6.0.24-2ubuntu1.7) lucid-security; urgency=low

  * SECURITY UPDATE: directory traversal via incorrect ServetContext
    attribute (LP: #717396)
    - debian/patches/0012-CVE-2010-3718.patch: mark as read only in
      java/org/apache/catalina/core/StandardContext.java.
    - CVE-2010-3718
  * SECURITY UPDATE: cross-site scripting in HTML Manager interface
    - debian/patches/0013-CVE-2011-0013.patch: properly filter values in
      java/org/apache/catalina/manager/{HTMLManagerServlet.java,
      StatusTransformer.java}.
    - CVE-2011-0013
  * SECURITY UPDATE: denial of service via NIOS HTTP connector
    (LP: #714239, LP: #717396)
    - debian/patches/0014-CVE-2011-0534.patch: enforce proper size in
      java/org/apache/coyote/http11/InternalNioInputBuffer.java.
    - CVE-2011-0534

Date: Thu, 24 Mar 2011 11:08:39 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/tomcat6/6.0.24-2ubuntu1.7
-------------- next part --------------
Format: 1.8
Date: Thu, 24 Mar 2011 11:08:39 -0400
Source: tomcat6
Binary: tomcat6-common tomcat6 tomcat6-user libtomcat6-java libservlet2.5-java libservlet2.5-java-doc tomcat6-admin tomcat6-examples tomcat6-docs
Architecture: source
Version: 6.0.24-2ubuntu1.7
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 libservlet2.5-java - Servlet 2.5 and JSP 2.1 Java API classes
 libservlet2.5-java-doc - Servlet 2.5 and JSP 2.1 Java API documentation
 libtomcat6-java - Servlet and JSP engine -- core libraries
 tomcat6    - Servlet and JSP engine
 tomcat6-admin - Servlet and JSP engine -- admin web applications
 tomcat6-common - Servlet and JSP engine -- common files
 tomcat6-docs - Servlet and JSP engine -- documentation
 tomcat6-examples - Servlet and JSP engine -- example web applications
 tomcat6-user - Servlet and JSP engine -- tools to create user instances
Launchpad-Bugs-Fixed: 714239 717396 717396
Changes: 
 tomcat6 (6.0.24-2ubuntu1.7) lucid-security; urgency=low
 .
   * SECURITY UPDATE: directory traversal via incorrect ServetContext
     attribute (LP: #717396)
     - debian/patches/0012-CVE-2010-3718.patch: mark as read only in
       java/org/apache/catalina/core/StandardContext.java.
     - CVE-2010-3718
   * SECURITY UPDATE: cross-site scripting in HTML Manager interface
     - debian/patches/0013-CVE-2011-0013.patch: properly filter values in
       java/org/apache/catalina/manager/{HTMLManagerServlet.java,
       StatusTransformer.java}.
     - CVE-2011-0013
   * SECURITY UPDATE: denial of service via NIOS HTTP connector
     (LP: #714239, LP: #717396)
     - debian/patches/0014-CVE-2011-0534.patch: enforce proper size in
       java/org/apache/coyote/http11/InternalNioInputBuffer.java.
     - CVE-2011-0534
Checksums-Sha1: 
 f0cca8b7d5db855f55301442e405fdcf187d1868 2405 tomcat6_6.0.24-2ubuntu1.7.dsc
 6f25b68c4d7e63fa2131ff86c09c192e9a146dd8 36286 tomcat6_6.0.24-2ubuntu1.7.debian.tar.gz
Checksums-Sha256: 
 c6a6a334f9c8af99e3797cc5d89dece3c39899c0f6164d807966fc6f999e197f 2405 tomcat6_6.0.24-2ubuntu1.7.dsc
 51ff078ef13c5db431aba7ecf2fb743e71f8f94481bfde811e8443cac8b8d068 36286 tomcat6_6.0.24-2ubuntu1.7.debian.tar.gz
Files: 
 6b7d220adbe7cd6be08219e82d9aa455 2405 java optional tomcat6_6.0.24-2ubuntu1.7.dsc
 14073ec9f0672f44cc6a32235e81c29d 36286 java optional tomcat6_6.0.24-2ubuntu1.7.debian.tar.gz
Original-Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>


More information about the Lucid-changes mailing list