[ubuntu/lucid-security] tomcat6, tomcat6 (delayed) 6.0.24-2ubuntu1.6 (Accepted)

Mon, 24 Jan 2011 06:03:54 -0800 

tomcat6 (6.0.24-2ubuntu1.6) lucid-security; urgency=low

  * SECURITY UPDATE: cross-site scripting in Manager application
    - debian/patches/0011-CVE-2010-4172.patch: add proper escaping to
      java/org/apache/catalina/manager/JspHelper.java,
      webapps/manager/{sessionDetail,sessionsList}.jsp.
    - patch backported from Debian 6.0.28-9 package
    - CVE-2010-4172

Date: Thu, 13 Jan 2011 15:32:24 -0600
Changed-By: Marc Deslauriers <marc.deslauri...@ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/tomcat6/6.0.24-2ubuntu1.6

Format: 1.8
Date: Thu, 13 Jan 2011 15:32:24 -0600
Source: tomcat6
Binary: tomcat6-common tomcat6 tomcat6-user libtomcat6-java libservlet2.5-java 
libservlet2.5-java-doc tomcat6-admin tomcat6-examples tomcat6-docs
Architecture: source
Version: 6.0.24-2ubuntu1.6
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauri...@ubuntu.com>
Description: 
 libservlet2.5-java - Servlet 2.5 and JSP 2.1 Java API classes
 libservlet2.5-java-doc - Servlet 2.5 and JSP 2.1 Java API documentation
 libtomcat6-java - Servlet and JSP engine -- core libraries
 tomcat6    - Servlet and JSP engine
 tomcat6-admin - Servlet and JSP engine -- admin web applications
 tomcat6-common - Servlet and JSP engine -- common files
 tomcat6-docs - Servlet and JSP engine -- documentation
 tomcat6-examples - Servlet and JSP engine -- example web applications
 tomcat6-user - Servlet and JSP engine -- tools to create user instances
Changes: 
 tomcat6 (6.0.24-2ubuntu1.6) lucid-security; urgency=low
 .
   * SECURITY UPDATE: cross-site scripting in Manager application
     - debian/patches/0011-CVE-2010-4172.patch: add proper escaping to
       java/org/apache/catalina/manager/JspHelper.java,
       webapps/manager/{sessionDetail,sessionsList}.jsp.
     - patch backported from Debian 6.0.28-9 package
     - CVE-2010-4172
Checksums-Sha1: 
 8ca437b2f5ef079f4df0ad0ed782b43ff437b880 2405 tomcat6_6.0.24-2ubuntu1.6.dsc
 141fc3c84f9b4231f07b93afd4e82b8910c07566 32782 
tomcat6_6.0.24-2ubuntu1.6.debian.tar.gz
Checksums-Sha256: 
 ba6deea37bb41459612dc9927f8d9c90ece17931d122775c509bdcfb9c17a2ff 2405 
tomcat6_6.0.24-2ubuntu1.6.dsc
 9340d9d72fa398c8af58e295981857902eff70f7a11482a4177df320f81026e1 32782 
tomcat6_6.0.24-2ubuntu1.6.debian.tar.gz
Files: 
 2ee1921228239791f5aab04bc2bf6c48 2405 java optional 
tomcat6_6.0.24-2ubuntu1.6.dsc
 d369c0e8ab9ef06c320a74ba10c5e361 32782 java optional 
tomcat6_6.0.24-2ubuntu1.6.debian.tar.gz
Original-Maintainer: Debian Java Maintainers 
<pkg-java-maintain...@lists.alioth.debian.org>

-- 
Lucid-changes mailing list
Lucid-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/lucid-changes

Reply via email to