tomcat6 (6.0.20-2ubuntu2.4) karmic-security; urgency=low
* SECURITY UPDATE: directory traversal via incorrect ServetContext
attribute (LP: #717396)
- debian/patches/0012-CVE-2010-3718.patch: mark as read only in
java/org/apache/catalina/core/StandardContext.java.
- CVE-2010-3718
* SECURITY UPDATE: cross-site scripting in HTML Manager interface
- debian/patches/0013-CVE-2011-0013.patch: properly filter values in
java/org/apache/catalina/manager/{HTMLManagerServlet.java,
StatusTransformer.java}.
- CVE-2011-0013
* SECURITY UPDATE: denial of service via NIOS HTTP connector
(LP: #714239, LP: #717396)
- debian/patches/0014-CVE-2011-0534.patch: enforce proper size in
java/org/apache/coyote/http11/InternalNioInputBuffer.java.
- CVE-2011-0534
Date: Thu, 24 Mar 2011 13:58:06 -0400
Changed-By: Marc Deslauriers <[email protected]>
Maintainer: Ubuntu Developers <[email protected]>
https://launchpad.net/ubuntu/karmic/+source/tomcat6/6.0.20-2ubuntu2.4
Format: 1.8
Date: Thu, 24 Mar 2011 13:58:06 -0400
Source: tomcat6
Binary: tomcat6-common tomcat6 tomcat6-user libtomcat6-java libservlet2.5-java
libservlet2.5-java-doc tomcat6-admin tomcat6-examples tomcat6-docs
Architecture: source
Version: 6.0.20-2ubuntu2.4
Distribution: karmic-security
Urgency: low
Maintainer: Ubuntu Developers <[email protected]>
Changed-By: Marc Deslauriers <[email protected]>
Description:
libservlet2.5-java - Servlet 2.5 and JSP 2.1 Java API classes
libservlet2.5-java-doc - Servlet 2.5 and JSP 2.1 Java API documentation
libtomcat6-java - Servlet and JSP engine -- core libraries
tomcat6 - Servlet and JSP engine
tomcat6-admin - Servlet and JSP engine -- admin web applications
tomcat6-common - Servlet and JSP engine -- common files
tomcat6-docs - Servlet and JSP engine -- example web applications
tomcat6-examples - Servlet and JSP engine -- example web applications
tomcat6-user - Servlet and JSP engine -- tools to create user instances
Changes:
tomcat6 (6.0.20-2ubuntu2.4) karmic-security; urgency=low
.
* SECURITY UPDATE: directory traversal via incorrect ServetContext
attribute (LP: #717396)
- debian/patches/0012-CVE-2010-3718.patch: mark as read only in
java/org/apache/catalina/core/StandardContext.java.
- CVE-2010-3718
* SECURITY UPDATE: cross-site scripting in HTML Manager interface
- debian/patches/0013-CVE-2011-0013.patch: properly filter values in
java/org/apache/catalina/manager/{HTMLManagerServlet.java,
StatusTransformer.java}.
- CVE-2011-0013
* SECURITY UPDATE: denial of service via NIOS HTTP connector
(LP: #714239, LP: #717396)
- debian/patches/0014-CVE-2011-0534.patch: enforce proper size in
java/org/apache/coyote/http11/InternalNioInputBuffer.java.
- CVE-2011-0534
Checksums-Sha1:
2f74bcbdfdbda800c52a5b15e91dad8999aff0eb 2199 tomcat6_6.0.20-2ubuntu2.4.dsc
38da0705b7631c553415a00de5a1e48428fa6a6a 30146
tomcat6_6.0.20-2ubuntu2.4.diff.gz
Checksums-Sha256:
139e4c20a13efca33ec6e8186c695a25b71fbd937e4d3788c4ef18b12a520d53 2199
tomcat6_6.0.20-2ubuntu2.4.dsc
65bf256c884ec18a78dbb19d3c00a5f80dcf50e452aee39d13a66e4cb52bc9d3 30146
tomcat6_6.0.20-2ubuntu2.4.diff.gz
Files:
24aa6255ebff7bd1eb07dfa60724e814 2199 java optional
tomcat6_6.0.20-2ubuntu2.4.dsc
368440fa70bc0db3761dabf5f2709dda 30146 java optional
tomcat6_6.0.20-2ubuntu2.4.diff.gz
Launchpad-Bugs-Fixed: 714239 717396 717396
Original-Maintainer: Debian Java Maintainers
<[email protected]>
--
Karmic-changes mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/karmic-changes
