[ubuntu/maverick-security] tomcat6, tomcat6 (delayed) 6.0.28-2ubuntu1.2 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Tue Mar 29 17:03:26 UTC 2011
tomcat6 (6.0.28-2ubuntu1.2) maverick-security; urgency=low
* SECURITY UPDATE: directory traversal via incorrect ServetContext
attribute (LP: #717396)
- debian/patches/0012-CVE-2010-3718.patch: mark as read only in
java/org/apache/catalina/core/StandardContext.java.
- CVE-2010-3718
* SECURITY UPDATE: cross-site scripting in HTML Manager interface
- debian/patches/0013-CVE-2011-0013.patch: properly filter values in
java/org/apache/catalina/manager/{HTMLManagerServlet.java,
StatusTransformer.java}.
- CVE-2011-0013
* SECURITY UPDATE: denial of service via NIOS HTTP connector
(LP: #714239, LP: #717396)
- debian/patches/0014-CVE-2011-0534.patch: enforce proper size in
java/org/apache/coyote/http11/InternalNioInputBuffer.java.
- CVE-2011-0534
Date: Thu, 24 Mar 2011 10:10:09 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/maverick/+source/tomcat6/6.0.28-2ubuntu1.2
-------------- next part --------------
Format: 1.8
Date: Thu, 24 Mar 2011 10:10:09 -0400
Source: tomcat6
Binary: tomcat6-common tomcat6 tomcat6-user libtomcat6-java libservlet2.5-java libservlet2.5-java-doc tomcat6-admin tomcat6-examples tomcat6-docs
Architecture: source
Version: 6.0.28-2ubuntu1.2
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
libservlet2.5-java - Servlet 2.5 and JSP 2.1 Java API classes
libservlet2.5-java-doc - Servlet 2.5 and JSP 2.1 Java API documentation
libtomcat6-java - Servlet and JSP engine -- core libraries
tomcat6 - Servlet and JSP engine
tomcat6-admin - Servlet and JSP engine -- admin web applications
tomcat6-common - Servlet and JSP engine -- common files
tomcat6-docs - Servlet and JSP engine -- documentation
tomcat6-examples - Servlet and JSP engine -- example web applications
tomcat6-user - Servlet and JSP engine -- tools to create user instances
Launchpad-Bugs-Fixed: 714239 717396
Changes:
tomcat6 (6.0.28-2ubuntu1.2) maverick-security; urgency=low
.
* SECURITY UPDATE: directory traversal via incorrect ServetContext
attribute (LP: #717396)
- debian/patches/0012-CVE-2010-3718.patch: mark as read only in
java/org/apache/catalina/core/StandardContext.java.
- CVE-2010-3718
* SECURITY UPDATE: cross-site scripting in HTML Manager interface
- debian/patches/0013-CVE-2011-0013.patch: properly filter values in
java/org/apache/catalina/manager/{HTMLManagerServlet.java,
StatusTransformer.java}.
- CVE-2011-0013
* SECURITY UPDATE: denial of service via NIOS HTTP connector
(LP: #714239, LP: #717396)
- debian/patches/0014-CVE-2011-0534.patch: enforce proper size in
java/org/apache/coyote/http11/InternalNioInputBuffer.java.
- CVE-2011-0534
Checksums-Sha1:
7a3f4100851fa8036109ee2007e9c61b2524a919 2360 tomcat6_6.0.28-2ubuntu1.2.dsc
e3beb4a3a1d137854b22c33f222a0fc69ee0b998 38583 tomcat6_6.0.28-2ubuntu1.2.debian.tar.gz
Checksums-Sha256:
0fc09d93f59c630120ae42de8ba7e86b3e130c52b443f5172b836de19c77275e 2360 tomcat6_6.0.28-2ubuntu1.2.dsc
6fae0523b985013aa93eb1e25f7aa161a1428d8a206a301cc17d755ba9086b22 38583 tomcat6_6.0.28-2ubuntu1.2.debian.tar.gz
Files:
7195e057f375b37fb6bee143379aa709 2360 java optional tomcat6_6.0.28-2ubuntu1.2.dsc
a37a9a0eb6c8b47c02e68d3b2abf7bad 38583 java optional tomcat6_6.0.28-2ubuntu1.2.debian.tar.gz
Original-Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
More information about the Maverick-changes
mailing list