Your message dated Sat, 29 Dec 2012 11:27:12 -0800
with message-id <[email protected]>
and subject line tomcat6: tomcat6-admin doesn't use CSRF protections
has caused the Debian Bug report #632399,
regarding tomcat6-admin doesn't use CSRF protections
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
632399: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632399
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: tomcat6-admin
Version: 6.0.28-9+squeeze1
Severity: normal
Tags: security

According to the upstream changelog
(http://tomcat.apache.org/tomcat-6.0-doc/changelog.html), Tomcat 6.0.30 fixed a
CSRF vulnerability in the manager application. The Debian package does not have
these protections.

-- System Information:
Debian Release: 6.0.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686-bigmem (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages tomcat6-admin depends on:
ii  tomcat6-common         6.0.28-9+squeeze1 Servlet and JSP engine -- common f

tomcat6-admin recommends no packages.

tomcat6-admin suggests no packages.

-- no debconf information



--- End Message ---
--- Begin Message ---
# the CSRF protections for tomcat-admin are in this upstream release
fixed 632399 6.0.35-1+squeeze2
thanks

Attachment: signature.asc
Description: OpenPGP digital signature


--- End Message ---
__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. 
Please use
[email protected] for discussions and questions.
