*** This bug is a security vulnerability *** Public security bug reported:
Please sync tomcat6 6.0.35-5 (universe) from Debian unstable (main) Changelog entries since current quantal version 6.0.35-4: tomcat6 (6.0.35-5) unstable; urgency=low * Apply patch to README.Debian to explain setting the HTTPOnly flag in cookies by default; CVE-2010-4312. (Closes: #608286) - Thank you to Thijs Kinkhorst for the patch. * Use ucf and a template for /etc/logrotate.d/tomcat6 file to avoid updating the shipped conffile. (Closes: #687818) -- tony mancill <tmanc...@debian.org> Mon, 06 Aug 2012 21:29:11 -0700 ** Affects: tomcat6 (Ubuntu) Importance: Undecided Status: New ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2010-4312 ** This bug has been flagged as a security vulnerability -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat6 in Ubuntu. https://bugs.launchpad.net/bugs/1057111 Title: Sync tomcat6 6.0.35-5 (universe) from Debian unstable (main) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tomcat6/+bug/1057111/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs