tomcat6 (6.0.32-5ubuntu1.1) oneiric-security; urgency=low
* SECURITY UPDATE: HTTP DIGEST authentication weaknesses
- debian/patches/0014-CVE-2011-1184.patch: add new nonce options in
java/org/apache/catalina/authenticator/DigestAuthenticator.java,
java/org/apache/catalina/authenticator/LocalStrings.properties,
java/org/apache/catalina/authenticator/mbeans-descriptors.xml,
java/org/apache/catalina/realm/RealmBase.java,
webapps/docs/config/valve.xml.
- CVE-2011-1184
* SECURITY UPDATE: file restriction bypass or denial of service via
untrusted web application.
- debian/patches/0015-CVE-2011-2526.patch: check canonical name in
java/org/apache/catalina/connector/LocalStrings.properties,
java/org/apache/catalina/connector/Request.java,
java/org/apache/catalina/servlets/DefaultServlet.java,
java/org/apache/coyote/http11/Http11AprProcessor.java,
java/org/apache/coyote/http11/LocalStrings.properties,
java/org/apache/tomcat/util/net/AprEndpoint.java,
java/org/apache/tomcat/util/net/NioEndpoint.java.
- CVE-2011-2526
Date: Thu, 13 Oct 2011 16:41:43 -0400
Changed-By: Marc Deslauriers <[email protected]>
Maintainer: Ubuntu Developers <[email protected]>
https://launchpad.net/ubuntu/oneiric/+source/tomcat6/6.0.32-5ubuntu1.1
Format: 1.8
Date: Thu, 13 Oct 2011 16:41:43 -0400
Source: tomcat6
Binary: tomcat6-common tomcat6 tomcat6-user libtomcat6-java libservlet2.5-java
libservlet2.5-java-doc tomcat6-admin tomcat6-examples tomcat6-docs
tomcat6-extras
Architecture: source
Version: 6.0.32-5ubuntu1.1
Distribution: oneiric-security
Urgency: low
Maintainer: Ubuntu Developers <[email protected]>
Changed-By: Marc Deslauriers <[email protected]>
Description:
libservlet2.5-java - Servlet 2.5 and JSP 2.1 Java API classes
libservlet2.5-java-doc - Servlet 2.5 and JSP 2.1 Java API documentation
libtomcat6-java - Servlet and JSP engine -- core libraries
tomcat6 - Servlet and JSP engine
tomcat6-admin - Servlet and JSP engine -- admin web applications
tomcat6-common - Servlet and JSP engine -- common files
tomcat6-docs - Servlet and JSP engine -- documentation
tomcat6-examples - Servlet and JSP engine -- example web applications
tomcat6-extras - Servlet and JSP engine -- additional components
tomcat6-user - Servlet and JSP engine -- tools to create user instances
Changes:
tomcat6 (6.0.32-5ubuntu1.1) oneiric-security; urgency=low
.
* SECURITY UPDATE: HTTP DIGEST authentication weaknesses
- debian/patches/0014-CVE-2011-1184.patch: add new nonce options in
java/org/apache/catalina/authenticator/DigestAuthenticator.java,
java/org/apache/catalina/authenticator/LocalStrings.properties,
java/org/apache/catalina/authenticator/mbeans-descriptors.xml,
java/org/apache/catalina/realm/RealmBase.java,
webapps/docs/config/valve.xml.
- CVE-2011-1184
* SECURITY UPDATE: file restriction bypass or denial of service via
untrusted web application.
- debian/patches/0015-CVE-2011-2526.patch: check canonical name in
java/org/apache/catalina/connector/LocalStrings.properties,
java/org/apache/catalina/connector/Request.java,
java/org/apache/catalina/servlets/DefaultServlet.java,
java/org/apache/coyote/http11/Http11AprProcessor.java,
java/org/apache/coyote/http11/LocalStrings.properties,
java/org/apache/tomcat/util/net/AprEndpoint.java,
java/org/apache/tomcat/util/net/NioEndpoint.java.
- CVE-2011-2526
Checksums-Sha1:
18ce30b11422cf98b07fefffffa878320c4fa90f 2388 tomcat6_6.0.32-5ubuntu1.1.dsc
01ea231f8a2b97cdcac00ac1238c7e399cf01cbb 53449
tomcat6_6.0.32-5ubuntu1.1.debian.tar.gz
Checksums-Sha256:
e646398b13785ac719cc2f5d0fbcfcd4728531415e15f7450f0ccc03b8716398 2388
tomcat6_6.0.32-5ubuntu1.1.dsc
6552e5a2a1cd648a727978b60edc32b02322757405faac0295943c4c472a0186 53449
tomcat6_6.0.32-5ubuntu1.1.debian.tar.gz
Files:
fa57175018eb062ade4949bd7915c8b7 2388 java optional
tomcat6_6.0.32-5ubuntu1.1.dsc
004b8544a8f2fce55edeaf8da726b82e 53449 java optional
tomcat6_6.0.32-5ubuntu1.1.debian.tar.gz
Original-Maintainer: Debian Java Maintainers
<[email protected]>
--
Oneiric-changes mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/oneiric-changes
