Author: kkolinko
Date: Sun Dec 11 23:25:27 2011
New Revision: 1213104
URL: http://svn.apache.org/viewvc?rev=1213104&view=rev
Log:
Update status for security issues, 'cause 6.0.35 has been released.
Modified:
tomcat/site/trunk/docs/security-6.html
tomcat/site/trunk/xdocs/security-6.xml
Modified: tomcat/site/trunk/docs/security-6.html
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=1213104&r1=1213103&r2=1213104&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-6.html (original)
+++ tomcat/site/trunk/docs/security-6.html Sun Dec 11 23:25:27 2011
@@ -195,7 +195,7 @@
<a href="#Apache_Tomcat_6.x_vulnerabilities">Apache Tomcat 6.x
vulnerabilities</a>
</li>
<li>
-<a href="#Fixed_in_Apache_Tomcat_6.0.34_(not_yet_released)">Fixed in Apache
Tomcat 6.0.34 (not yet released)</a>
+<a href="#Fixed_in_Apache_Tomcat_6.0.35">Fixed in Apache Tomcat 6.0.35</a>
</li>
<li>
<a href="#Fixed_in_Apache_Tomcat_6.0.33">Fixed in Apache Tomcat 6.0.33</a>
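Review bot: the table-of-contents link in this hunk changes its fragment from #Fixed_in_Apache_Tomcat_6.0.34_(not_yet_released) to #Fixed_in_Apache_Tomcat_6.0.35, so a link that already points at the old fragment will open the top of the page instead of the CVE-2011-3190 entry. If the old fragment was referenced anywhere while the release was pending, consider keeping an additional named anchor for it beside the new heading.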
@@ -313,16 +313,25 @@
</table>
<table border="0" cellspacing="0" cellpadding="2" width="100%">
<tr>
-<td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica,sanserif"><a
name="Fixed in Apache Tomcat 6.0.34 (not yet released)">
-<!--()--></a><a
name="Fixed_in_Apache_Tomcat_6.0.34_(not_yet_released)"><strong>Fixed in Apache
Tomcat 6.0.34 (not yet released)</strong></a></font></td>
+<td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica,sanserif"><a
name="Fixed in Apache Tomcat 6.0.35">
+<!--()--></a><a name="Fixed_in_Apache_Tomcat_6.0.35"><strong>Fixed in Apache
Tomcat 6.0.35</strong></a></font></td><td align="right" bgcolor="#525D76"><font
color="#ffffff" face="arial,helvetica.sanserif"><strong>released 5 Dec
2011</strong></font></td>
</tr>
<tr>
-<td>
+<td colspan="2">
<p>
<blockquote>
<p>
+<strong>Note:</strong> <i>The issue below was fixed in Apache Tomcat 6.0.34
but the
+ release vote for the 6.0.34 release candidate did not pass. Therefore,
+ although users must download 6.0.35 to obtain a version that includes a
+ fix for this issue, version 6.0.34 is not included in the list of
+ affected versions.</i>
+</p>
+
+
+<p>
<strong>Important: Authentication bypass and information disclosure
</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3190"
rel="nofollow">CVE-2011-3190</a>
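Review bot: the font face on the added right-hand cell ("released 5 Dec 2011") reads face="arial,helvetica.sanserif", with a period where the heading cell next to it has face="arial,helvetica,sanserif". The XML source only supplies rtext, so docs/security-6.html appears to be rendered output and the fix most likely belongs in the stylesheet that emits this cell rather than in this file.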
@@ -366,7 +375,7 @@
<ul>
-<li>Upgrade to Tomcat 6.0.34.</li>
+<li>Upgrade to Tomcat 6.0.35.</li>
<li>Apply the appropriate <a
href="http://svn.apache.org/viewvc?view=rev&rev=1162959">patch</a>.</li>
@@ -591,7 +600,7 @@
<p>
-<i>Note: The issue below was fixed in Apache Tomcat 6.0.31 but the
+<strong>Note:</strong> <i>The issue below was fixed in Apache Tomcat 6.0.31
but the
release vote for the 6.0.31 release candidate did not pass. Therefore,
although users must download 6.0.32 to obtain a version that includes a
fix for this issue, version 6.0.31 is not included in the list of
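Review bot: moving "Note:" out of the <i> element into its own <strong>, here and in the four hunks that follow, is a markup restyle that the log message does not mention; the log only describes the status update for 6.0.35. Suggest naming the restyle in the log, or committing it separately, so the history explains why the notes for 6.0.32, 6.0.28, 6.0.24, 6.0.20 and 6.0.18 changed.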
@@ -762,7 +771,7 @@
<p>
-<i>Note: The issue below was fixed in Apache Tomcat 6.0.27 but the
+<strong>Note:</strong> <i>The issue below was fixed in Apache Tomcat 6.0.27
but the
release vote for the 6.0.27 release candidate did not pass. Therefore,
although users must download 6.0.28 to obtain a version that includes a
fix for this issue, version 6.0.27 is not included in the list of
@@ -818,7 +827,7 @@
<blockquote>
<p>
-<i>Note: These issues were fixed in Apache Tomcat 6.0.21 but the
+<strong>Note:</strong> <i>These issues were fixed in Apache Tomcat 6.0.21 but
the
release votes for the 6.0.21, 6.0.22 and 6.0.23 release candidates did
not pass. Therefore, although users must download 6.0.24 to obtain a
version that includes fixes for these issues, versions 6.0.21 onwards
@@ -940,7 +949,7 @@
<blockquote>
<p>
-<i>Note: These issues were fixed in Apache Tomcat 6.0.19 but the release
+<strong>Note:</strong> <i>These issues were fixed in Apache Tomcat 6.0.19 but
the release
vote for that release candidate did not pass. Therefore, although users
must download 6.0.20 to obtain a version that includes fixes for these
issues, 6.0.19 is not included in the list of affected versions.</i>
@@ -1083,7 +1092,7 @@
<blockquote>
<p>
-<i>Note: These issues were fixed in Apache Tomcat 6.0.17 but the release
+<strong>Note:</strong> <i>These issues were fixed in Apache Tomcat 6.0.17 but
the release
vote for that release candidate did not pass. Therefore, although users
must download 6.0.18 to obtain a version that includes fixes for these
issues, 6.0.17 is not included in the list of affected versions.</i>
Modified: tomcat/site/trunk/xdocs/security-6.xml
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?rev=1213104&r1=1213103&r2=1213104&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-6.xml (original)
+++ tomcat/site/trunk/xdocs/security-6.xml Sun Dec 11 23:25:27 2011
@@ -49,7 +49,13 @@
</section>
- <section name="Fixed in Apache Tomcat 6.0.34 (not yet released)">
+ <section name="Fixed in Apache Tomcat 6.0.35" rtext="released 5 Dec 2011">
+
+ <p><strong>Note:</strong> <i>The issue below was fixed in Apache Tomcat
6.0.34 but the
+ release vote for the 6.0.34 release candidate did not pass. Therefore,
+ although users must download 6.0.35 to obtain a version that includes a
+ fix for this issue, version 6.0.34 is not included in the list of
+ affected versions.</i></p>
<p><strong>Important: Authentication bypass and information disclosure
</strong>
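Review bot: the note added under the renamed 6.0.35 section says 6.0.34 is not included in the list of affected versions, but the "Affects:" line for CVE-2011-3190 lies outside this hunk, so the two cannot be checked against each other here. Please confirm that the range stops before 6.0.34, since readers on a 6.0.34 release candidate will rely on this note and the range agreeing.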
@@ -81,7 +87,7 @@
<p>Mitigation options:</p>
<ul>
- <li>Upgrade to Tomcat 6.0.34.</li>
+ <li>Upgrade to Tomcat 6.0.35.</li>
<li>Apply the appropriate <revlink rev="1162959">patch</revlink>.</li>
<li>Configure both Tomcat and the reverse proxy to use a shared
secret.<br />
(It is "<code>request.secret</code>" attribute in AJP
<Connector>,
@@ -210,7 +216,7 @@
<section name="Fixed in Apache Tomcat 6.0.32" rtext="released 03 Feb 2011">
- <p><i>Note: The issue below was fixed in Apache Tomcat 6.0.31 but the
+ <p><strong>Note:</strong> <i>The issue below was fixed in Apache Tomcat
6.0.31 but the
release vote for the 6.0.31 release candidate did not pass. Therefore,
although users must download 6.0.32 to obtain a version that includes a
fix for this issue, version 6.0.31 is not included in the list of
@@ -309,7 +315,7 @@
<p>Affects: 6.0.0-6.0.27</p>
- <p><i>Note: The issue below was fixed in Apache Tomcat 6.0.27 but the
+ <p><strong>Note:</strong> <i>The issue below was fixed in Apache Tomcat
6.0.27 but the
release vote for the 6.0.27 release candidate did not pass. Therefore,
although users must download 6.0.28 to obtain a version that includes a
fix for this issue, version 6.0.27 is not included in the list of
@@ -338,7 +344,7 @@
</section>
<section name="Fixed in Apache Tomcat 6.0.24" rtext="released 21 Jan 2010">
- <p><i>Note: These issues were fixed in Apache Tomcat 6.0.21 but the
+ <p><strong>Note:</strong> <i>These issues were fixed in Apache Tomcat
6.0.21 but the
release votes for the 6.0.21, 6.0.22 and 6.0.23 release candidates did
not pass. Therefore, although users must download 6.0.24 to obtain a
version that includes fixes for these issues, versions 6.0.21 onwards
@@ -412,7 +418,7 @@
</section>
<section name="Fixed in Apache Tomcat 6.0.20" rtext="released 3 Jun 2009">
- <p><i>Note: These issues were fixed in Apache Tomcat 6.0.19 but the release
+ <p><strong>Note:</strong> <i>These issues were fixed in Apache Tomcat
6.0.19 but the release
vote for that release candidate did not pass. Therefore, although users
must download 6.0.20 to obtain a version that includes fixes for these
issues, 6.0.19 is not included in the list of affected versions.</i></p>
@@ -500,7 +506,7 @@
</section>
<section name="Fixed in Apache Tomcat 6.0.18" rtext="released 31 Jul 2008">
- <p><i>Note: These issues were fixed in Apache Tomcat 6.0.17 but the release
+ <p><strong>Note:</strong> <i>These issues were fixed in Apache Tomcat
6.0.17 but the release
vote for that release candidate did not pass. Therefore, although users
must download 6.0.18 to obtain a version that includes fixes for these
issues, 6.0.17 is not included in the list of affected versions.</i></p>