[Bug 341278] Re: CVE-2009-0781: XSS in tomcat6 and tomcat5.5

2010-11-18 Thread Jamie Strandboge
Marking parent task as "Won't Fix" since it tracks Jaunty, but leaving
Hardy. On Hardy, this package is in universe and is community supported.
If someone is able, perhaps you could prepare debdiffs to fix this by
following https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures.

** Changed in: tomcat5.5 (Ubuntu)
   Status: Confirmed => Won't Fix

-- 
CVE-2009-0781: XSS in tomcat6 and tomcat5.5
https://bugs.launchpad.net/bugs/341278
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to tomcat6 in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs


[Bug 341278] Re: CVE-2009-0781: XSS in tomcat6 and tomcat5.5

2010-11-18 Thread Jamie Strandboge
Jaunty is EOL.

** Changed in: tomcat5.5 (Ubuntu Jaunty)
   Status: Confirmed => Won't Fix



[Bug 341278] Re: CVE-2009-0781: XSS in tomcat6 and tomcat5.5

2010-05-08 Thread Alex Valavanis
Intrepid Ibex reached end-of-life on 30 April 2010 so I am closing the
report.  The bug is still marked as confirmed in later versions of Ubuntu.

** Changed in: tomcat5.5 (Ubuntu Intrepid)
   Status: Confirmed => Invalid



[Bug 341278] Re: CVE-2009-0781: XSS in tomcat6 and tomcat5.5

2009-12-05 Thread Launchpad Bug Tracker
** Branch linked: lp:ubuntu/jaunty-security/tomcat6



[Bug 341278] Re: CVE-2009-0781: XSS in tomcat6 and tomcat5.5

2009-09-22 Thread Marc Deslauriers
** Changed in: tomcat6 (Ubuntu)
   Status: Confirmed => Fix Released



[Bug 341278] Re: CVE-2009-0781: XSS in tomcat6 and tomcat5.5

2009-07-21 Thread Bug Watch Updater
** Changed in: tomcat6 (Debian)
   Status: Unknown => Fix Released



[Bug 341278] Re: CVE-2009-0781: XSS in tomcat6 and tomcat5.5

2009-07-21 Thread Torsten Werner
** Bug watch added: Debian Bug tracker #532362
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532362

** Also affects: tomcat6 (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532362
   Importance: Unknown
   Status: Unknown



[Bug 341278] Re: CVE-2009-0781: XSS in tomcat6 and tomcat5.5

2009-06-15 Thread Launchpad Bug Tracker
This bug was fixed in the package tomcat6 - 6.0.18-0ubuntu6.1

---
tomcat6 (6.0.18-0ubuntu6.1) jaunty-security; urgency=low

  * SECURITY UPDATE: security bypass via specially crafted request
    - debian/patches/security-CVE-2008-5515.patch: use only a single
      normalise implementation in:
      java/org/apache/catalina/connector/Request.java,
      java/org/apache/catalina/core/{ApplicationContext,ApplicationHttpRequest}.java,
      java/org/apache/catalina/servlets/WebdavServlet.java,
      java/org/apache/catalina/ssi/{SSIServletExternalResolver,SSIServletRequestUtil}.java,
      java/org/apache/catalina/util/RequestUtil.java,
      java/org/apache/naming/resources/FileDirContext.java
    - CVE-2008-5515
  * SECURITY UPDATE: denial of service via request with invalid headers
    - debian/patches/security-CVE-2009-0033.patch: make sure we return
      400 to the browser in
      java/org/apache/jk/common/{ChannelNioSocket,ChannelSocket,HandlerRequest}.java
    - CVE-2009-0033
  * SECURITY UPDATE: valid username enumeration via improper error checking
    - debian/patches/security-CVE-2009-0580.patch: make sure we have valid
      credentials in
      java/org/apache/catalina/realm/{DataSourceRealm,JDBCRealm,MemoryRealm}.java
    - CVE-2009-0580
  * SECURITY UPDATE: cross-site scripting in calendar example application
    (LP: #341278)
    - debian/patches/security-CVE-2009-0781.patch: properly quote value in
      webapps/examples/jsp/cal/cal2.jsp
    - CVE-2009-0781
  * SECURITY UPDATE: information disclosure via XML parser replacement
    - debian/patches/security-CVE-2009-0783.patch: create digesters and
      parsers earlier and don't use xml-parser from web-app in
      java/org/apache/catalina/core/StandardContext.java,
      java/org/apache/catalina/startup/{LocalStrings.properties,TldConfig.java}
    - CVE-2009-0783

 -- Marc Deslauriers  Wed, 10 Jun 2009 08:31:31 -0400



[Bug 341278] Re: CVE-2009-0781: XSS in tomcat6 and tomcat5.5

2009-06-15 Thread Launchpad Bug Tracker
This bug was fixed in the package tomcat6 - 6.0.18-0ubuntu3.2

---
tomcat6 (6.0.18-0ubuntu3.2) intrepid-security; urgency=low

  * SECURITY UPDATE: security bypass via specially crafted request
    - debian/patches/security-CVE-2008-5515.patch: use only a single
      normalise implementation in:
      java/org/apache/catalina/connector/Request.java,
      java/org/apache/catalina/core/{ApplicationContext,ApplicationHttpRequest}.java,
      java/org/apache/catalina/servlets/WebdavServlet.java,
      java/org/apache/catalina/ssi/{SSIServletExternalResolver,SSIServletRequestUtil}.java,
      java/org/apache/catalina/util/RequestUtil.java,
      java/org/apache/naming/resources/FileDirContext.java
    - CVE-2008-5515
  * SECURITY UPDATE: denial of service via request with invalid headers
    - debian/patches/security-CVE-2009-0033.patch: make sure we return
      400 to the browser in
      java/org/apache/jk/common/{ChannelNioSocket,ChannelSocket,HandlerRequest}.java
    - CVE-2009-0033
  * SECURITY UPDATE: valid username enumeration via improper error checking
    - debian/patches/security-CVE-2009-0580.patch: make sure we have valid
      credentials in
      java/org/apache/catalina/realm/{DataSourceRealm,JDBCRealm,MemoryRealm}.java
    - CVE-2009-0580
  * SECURITY UPDATE: cross-site scripting in calendar example application
    (LP: #341278)
    - debian/patches/security-CVE-2009-0781.patch: properly quote value in
      webapps/examples/jsp/cal/cal2.jsp
    - CVE-2009-0781
  * SECURITY UPDATE: information disclosure via XML parser replacement
    - debian/patches/security-CVE-2009-0783.patch: create digesters and
      parsers earlier and don't use xml-parser from web-app in
      java/org/apache/catalina/core/StandardContext.java,
      java/org/apache/catalina/startup/{LocalStrings.properties,TldConfig.java}
    - CVE-2009-0783

 -- Marc Deslauriers  Wed, 10 Jun 2009 09:46:33 -0400

** Changed in: tomcat6 (Ubuntu Intrepid)
   Status: Confirmed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-5515

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-0033

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-0580

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-0783

** Changed in: tomcat6 (Ubuntu Jaunty)
   Status: Confirmed => Fix Released



[Bug 341278] Re: CVE-2009-0781: XSS in tomcat6 and tomcat5.5

2009-06-10 Thread Marc Deslauriers
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-0781



[Bug 341278] Re: CVE-2009-0781: XSS in tomcat6 and tomcat5.5

2009-05-07 Thread Sergio Zanchetta
The 18 month support period for Gutsy Gibbon 7.10 has reached its end of life -
http://www.ubuntu.com/news/ubuntu-7.10-eol . As a result, we are closing the
Gutsy task.

** Changed in: tomcat5.5 (Ubuntu Gutsy)
   Status: Confirmed => Won't Fix



[Bug 341278] Re: CVE-2009-0781: XSS in tomcat6 and tomcat5.5

2009-04-16 Thread Kees Cook
** Changed in: tomcat5.5 (Ubuntu Gutsy)
   Importance: Undecided => Low

** Changed in: tomcat5.5 (Ubuntu Hardy)
   Importance: Undecided => Low

** Changed in: tomcat5.5 (Ubuntu Intrepid)
   Importance: Undecided => Low

** Changed in: tomcat5.5 (Ubuntu Jaunty)
   Importance: Undecided => Low

** Changed in: tomcat6 (Ubuntu Intrepid)
   Importance: Undecided => Low

** Changed in: tomcat6 (Ubuntu Jaunty)
   Importance: Undecided => Low
