[Bug 1115053] Re: Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10

Launchpad Bug Tracker 1115053 at bugs.launchpad.net
Sat Mar 16 07:10:16 UTC 2013


This bug was fixed in the package tomcat7 - 7.0.21-1ubuntu0.1

---------------
tomcat7 (7.0.21-1ubuntu0.1) oneiric-security; urgency=low

  [ Christian Kuersteiner ]
  * SECURITY UPDATE: Fix multiple vulnerabilities in Tomcat7
    (LP: #1115053)
    - debian/patches/CVE-2012-0022.patch: Fix for Denial of service. Based on
      upstream patch.
    - CVE-2012-0022, CVE-2011-4858
    - debian/patches/CVE-2011-3375.patch: Fix for information disclosure. Based
      on upstream patch.
    - CVE-2011-3375
    - debian/patches/CVE-2011-3376.patch: Fix for privilege escalation. Based on
      upstream patch.
    - CVE-2011-3376
    - debian/patches/CVE-2012-2733.patch: Fix for Apache Tomcat Denial of
      Service. Based on upstream patch.
    - CVE-2012-2733
    - debian/patches/CVE-2012-3546.patch: Fix for bypass of security
      constraints. Based on upstream patch.
    - CVE-2012-3546
    - debian/patches/CVE-2012-4431.patch: Fix for bypass of CSRF prevention
      filter. Based on upstream patch.
    - CVE-2012-4431
    - debian/patches/CVE-2012-4534.patch: Fix for CVE-2012-4534 Denial of
      Service Vulnerability. Based on upstream patch.
    - CVE-2012-4534
    - debian/patches/CVE-2012-3439.patch: Fix for DIGEST authentication
      weaknesses. Based on upstream patch.
    - CVE-2012-3439, CVE-2012-5885, CVE-2012-5886, CVE-2012-5887

  [ Jamie Strandboge ]
  * allow for easily running the testsuite:
    - debian/control: add testsuite build-depends
    - debian/rules:
      + add 'testsuite' target
      + add ANT_TS_ARGS for use in the testsuite target
      + cleanup the testsuite
    - add debian/README.source for information on how to use the testsuite

 -- Christian Kuersteiner <ckuerste at gmx.ch>   Fri, 15 Mar 2013 15:40:27 -0700

** Changed in: tomcat7 (Ubuntu Oneiric)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to tomcat7 in Ubuntu.
https://bugs.launchpad.net/bugs/1115053

Title:
  Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10
