[ubuntu/oneiric-security] tomcat6, tomcat6_6.0.32-5ubuntu1.1_i386_translations.tar.gz 6.0.32-5ubuntu1.1 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Tue Nov 8 13:03:28 UTC 2011 

tomcat6 (6.0.32-5ubuntu1.1) oneiric-security; urgency=low

  * SECURITY UPDATE: HTTP DIGEST authentication weaknesses
    - debian/patches/0014-CVE-2011-1184.patch: add new nonce options in
      java/org/apache/catalina/authenticator/DigestAuthenticator.java,
      java/org/apache/catalina/authenticator/LocalStrings.properties,
      java/org/apache/catalina/authenticator/mbeans-descriptors.xml,
      java/org/apache/catalina/realm/RealmBase.java,
      webapps/docs/config/valve.xml.
    - CVE-2011-1184
  * SECURITY UPDATE: file restriction bypass or denial of service via
    untrusted web application.
    - debian/patches/0015-CVE-2011-2526.patch: check canonical name in
      java/org/apache/catalina/connector/LocalStrings.properties,
      java/org/apache/catalina/connector/Request.java,
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/coyote/http11/Http11AprProcessor.java,
      java/org/apache/coyote/http11/LocalStrings.properties,
      java/org/apache/tomcat/util/net/AprEndpoint.java,
      java/org/apache/tomcat/util/net/NioEndpoint.java.
    - CVE-2011-2526

Date: Thu, 13 Oct 2011 16:41:43 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/oneiric/+source/tomcat6/6.0.32-5ubuntu1.1
-------------- next part --------------
Format: 1.8
Date: Thu, 13 Oct 2011 16:41:43 -0400
Source: tomcat6
Binary: tomcat6-common tomcat6 tomcat6-user libtomcat6-java libservlet2.5-java libservlet2.5-java-doc tomcat6-admin tomcat6-examples tomcat6-docs tomcat6-extras
Architecture: source
Version: 6.0.32-5ubuntu1.1
Distribution: oneiric-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 libservlet2.5-java - Servlet 2.5 and JSP 2.1 Java API classes
 libservlet2.5-java-doc - Servlet 2.5 and JSP 2.1 Java API documentation
 libtomcat6-java - Servlet and JSP engine -- core libraries
 tomcat6    - Servlet and JSP engine
 tomcat6-admin - Servlet and JSP engine -- admin web applications
 tomcat6-common - Servlet and JSP engine -- common files
 tomcat6-docs - Servlet and JSP engine -- documentation
 tomcat6-examples - Servlet and JSP engine -- example web applications
 tomcat6-extras - Servlet and JSP engine -- additional components
 tomcat6-user - Servlet and JSP engine -- tools to create user instances
Changes: 
 tomcat6 (6.0.32-5ubuntu1.1) oneiric-security; urgency=low
 .
   * SECURITY UPDATE: HTTP DIGEST authentication weaknesses
     - debian/patches/0014-CVE-2011-1184.patch: add new nonce options in
       java/org/apache/catalina/authenticator/DigestAuthenticator.java,
       java/org/apache/catalina/authenticator/LocalStrings.properties,
       java/org/apache/catalina/authenticator/mbeans-descriptors.xml,
       java/org/apache/catalina/realm/RealmBase.java,
       webapps/docs/config/valve.xml.
     - CVE-2011-1184
   * SECURITY UPDATE: file restriction bypass or denial of service via
     untrusted web application.
     - debian/patches/0015-CVE-2011-2526.patch: check canonical name in
       java/org/apache/catalina/connector/LocalStrings.properties,
       java/org/apache/catalina/connector/Request.java,
       java/org/apache/catalina/servlets/DefaultServlet.java,
       java/org/apache/coyote/http11/Http11AprProcessor.java,
       java/org/apache/coyote/http11/LocalStrings.properties,
       java/org/apache/tomcat/util/net/AprEndpoint.java,
       java/org/apache/tomcat/util/net/NioEndpoint.java.
     - CVE-2011-2526
Checksums-Sha1: 
 18ce30b11422cf98b07fefffffa878320c4fa90f 2388 tomcat6_6.0.32-5ubuntu1.1.dsc
 01ea231f8a2b97cdcac00ac1238c7e399cf01cbb 53449 tomcat6_6.0.32-5ubuntu1.1.debian.tar.gz
Checksums-Sha256: 
 e646398b13785ac719cc2f5d0fbcfcd4728531415e15f7450f0ccc03b8716398 2388 tomcat6_6.0.32-5ubuntu1.1.dsc
 6552e5a2a1cd648a727978b60edc32b02322757405faac0295943c4c472a0186 53449 tomcat6_6.0.32-5ubuntu1.1.debian.tar.gz
Files: 
 fa57175018eb062ade4949bd7915c8b7 2388 java optional tomcat6_6.0.32-5ubuntu1.1.dsc
 004b8544a8f2fce55edeaf8da726b82e 53449 java optional tomcat6_6.0.32-5ubuntu1.1.debian.tar.gz
Original-Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>

More information about the Oneiric-changes mailing list