[Bug 179491] Re: please merge tomcat5.5 (5.5.25-4) from Debian unstable (main)
mlind
matti.lindell at gmail.com
Mon Dec 31 02:17:50 GMT 2007
** Attachment added: "Proposed merge of tomcat5.5 (5.5.25-4)"
http://launchpadlibrarian.net/11100730/debdiff.txt
** Description changed:
Binary package hint: tomcat5.5
Please consider merging tomcat5.5 from Debian unstable as it contains
fixes for several CVE's and important packaging fixes.
Ubuntu changes that can be dropped:
- Build-depends on xsltproc: tomcat5.5 package used to build documentation using xsltproc, but is now using Xalan-Java (libxalan2-java). I reckon the build dependency was unnecessarily carried around during merges as Debian stopped using it since 5.5.20-2 (related patches were dropped as well). It's not used in build process and the documentation looks the same with or without it. (http://www.mail-archive.com/debian-java@lists.debian.org/msg11269.html and Debian 5.5.20-2 changelog entry).
New Ubuntu changes are bugfixes, forwarded as:
* Opened http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=458411
* Reopened http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=452366
- New Debian version also fixes #173692 and #161882.
+ New Debian version also fixes Bug #173692 and Bug #161882.
** Description changed:
Binary package hint: tomcat5.5
Please consider merging tomcat5.5 from Debian unstable as it contains
fixes for several CVE's and important packaging fixes.
Ubuntu changes that can be dropped:
- Build-depends on xsltproc: tomcat5.5 package used to build documentation using xsltproc, but is now using Xalan-Java (libxalan2-java). I reckon the build dependency was unnecessarily carried around during merges as Debian stopped using it since 5.5.20-2 (related patches were dropped as well). It's not used in build process and the documentation looks the same with or without it. (http://www.mail-archive.com/debian-java@lists.debian.org/msg11269.html and Debian 5.5.20-2 changelog entry).
New Ubuntu changes are bugfixes, forwarded as:
* Opened http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=458411
* Reopened http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=452366
New Debian version also fixes Bug #173692 and Bug #161882.
+
+ New Debian changes:
+
+ tomcat5.5 (5.5.25-4) unstable; urgency=high
+
+ * CVE-2007-5342: Fix unauthorized modification of data because of
+ too open permissions. Closes: #458237.
+ * Always clean temporary directory on startup. Closes: #456608.
+
+ -- Michael Koch <konqueror at gmx.de> Sat, 29 Dec 2007 20:15:40 +0100
+
+ tomcat5.5 (5.5.25-3) unstable; urgency=low
+
+ * debian/libtomcat5.5-java.links: Removed links for xml-apis.jar and
+ xercesImpl.jar. Closes: #443382, #455495.
+ * Added libgnumail-java to Build-Depends. Closes: #454312.
+ * Updated Standards-Version to 3.7.3.
+
+ -- Michael Koch <konqueror at gmx.de> Thu, 13 Dec 2007 22:15:18 +0100
+
+ tomcat5.5 (5.5.25-2) unstable; urgency=high
+
+ [ Michael Koch ]
+ CVE-2007-5461:
+ * Fix absolute path traversal vulnerability. Closes: #448664.
+
+ [ Marcus Better ]
+ * Add required commons-io symlink to the admin webapp, which fixes WAR
+ file uploads. (Closes: #452366)
+ * debian/control: Use the new Homepage and Vcs-* fields.
+ * debian/NEWS: Remove outdated entry.
+
+ -- Michael Koch <konqueror at gmx.de> Fri, 30 Nov 2007 10:46:33 +0100
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2007-5342
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2007-5461
--
please merge tomcat5.5 (5.5.25-4) from Debian unstable (main)
https://bugs.launchpad.net/bugs/179491
You received this bug notification because you are a member of Ubuntu
Sponsors for universe, which is a direct subscriber.
More information about the Ubuntu-universe-sponsors
mailing list