Your message dated Sat, 17 Nov 2012 23:32:46 +0000
with message-id <[email protected]>
and subject line Bug#692440: fixed in tomcat6 6.0.35-5+nmu1
has caused the Debian Bug report #692440,
regarding tomcat7: CVE-2012-2733 CVE-2012-3439
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
692440: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692440
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: tomcat7
Severity: grave
Tags: security
Justification: user security hole
Please see http://tomcat.apache.org/security-7.html
Since Wheezy is frozen, please apply isolated security fixes instead
of updating to a new upstream release.
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: tomcat6
Source-Version: 6.0.35-5+nmu1
We believe that the bug you reported is fixed in the latest version of
tomcat6, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Gilbert <[email protected]> (supplier of updated tomcat6 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 17 Nov 2012 23:15:03 +0000
Source: tomcat6
Binary: tomcat6-common tomcat6 tomcat6-user libtomcat6-java libservlet2.4-java
 libservlet2.5-java libservlet2.5-java-doc tomcat6-admin tomcat6-examples
 tomcat6-docs tomcat6-extras
Architecture: source all
Version: 6.0.35-5+nmu1
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers <[email protected]>
Changed-By: Michael Gilbert <[email protected]>
Description:
libservlet2.4-java - Transitional package for libservlet2.5-java
libservlet2.5-java - Servlet 2.5 and JSP 2.1 Java API classes
libservlet2.5-java-doc - Servlet 2.5 and JSP 2.1 Java API documentation
libtomcat6-java - Servlet and JSP engine -- core libraries
tomcat6 - Servlet and JSP engine
tomcat6-admin - Servlet and JSP engine -- admin web applications
tomcat6-common - Servlet and JSP engine -- common files
tomcat6-docs - Servlet and JSP engine -- documentation
tomcat6-examples - Servlet and JSP engine -- example web applications
tomcat6-extras - Servlet and JSP engine -- additional components
tomcat6-user - Servlet and JSP engine -- tools to create user instances
Closes: 692440
Changes:
 tomcat6 (6.0.35-5+nmu1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Fix multiple security issues (closes: #692440)
     - cve-2012-2733: denial-of-service by triggering out of memory error.
     - cve-2012-3439: multiple replay attack issues in digest authentication.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---