[Bug 1166649] Re: Multiple open vulnerabilities in tomcat6 in quantal and raring

2013-05-20 Thread Christian Kuersteiner
Having sat too long on this patch for quantal and not really being able to enable the testsuite, I thought I'd just drop it here. Even with some hints from jamespage I could not run the built-in tests and didn't really have enough time to look further into it. The changes are all done as in upstream and it

[Bug 1166649] [NEW] Multiple open vulnerabilities in tomcat6 in quantal and raring

2013-04-09 Thread Christian Kuersteiner
*** This bug is a security vulnerability *** Public security bug reported: Tomcat6 on quantal and raring includes multiple vulnerabilities. See http://people.canonical.com/~ubuntu-security/cve/pkg/tomcat6.html ** Affects: tomcat6 (Ubuntu) Importance: Undecided Status: New **

[Bug 1166649] Re: Multiple open vulnerabilities in tomcat6 in quantal and raring

2013-04-09 Thread Christian Kuersteiner
I prepared a patch but want to test it first. Is there a testsuite available in tomcat6 and is it enabled? -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat6 in Ubuntu. https://bugs.launchpad.net/bugs/1166649 Title: Multiple

[Bug 1115053] Re: Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10

2013-04-02 Thread Christian Kuersteiner
Jamie, there seems to be a problem with the updated package. See https://plus.google.com/112659624466139657672/posts/cMaEhQbcdGL I guess the precise package causes the problem. Was there anything added regarding startup?

[Bug 1115053] Re: Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10

2013-03-20 Thread Christian Kuersteiner
This is the precise patch. Hopefully it goes smoother this time ;) Note that I got certificate errors when I ran the testsuite (in TestClientCert.BIO.txt, TestClientCert.NIO.txt, TestCustomSSL.BIO.txt, TestCustomSSL.NIO.txt, TestSSL.BIO.txt and TestSSL.NIO.txt). However, I got the exact same

[Bug 1115053] Re: Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10

2013-03-12 Thread Christian Kuersteiner
I rewrote the description on CVE-2012-3439.patch and fixed the whitespace changes in CVE-2012-0022.patch as far as I saw them. CVE-2012-3439 gave me quite a headache since the upstream testcases had already changed a lot before, and it was hard to adapt them to the oneiric version. Either I would have

[Bug 1115053] Re: Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10

2013-03-04 Thread Christian Kuersteiner
Finally the tests run without any errors. I hope everything is okay now with the patch. Thanks for your patience anyway. ** Patch added: lp1115053-oneiric-4.debdiff https://bugs.launchpad.net/ubuntu/+source/tomcat7/+bug/1115053/+attachment/3557794/+files/lp1115053-oneiric-4.debdiff

[Bug 1115053] Re: Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10

2013-02-27 Thread Christian Kuersteiner
I updated the DEP-3 comments according to your input. I hope it's easier now to understand the patches I made. For some patches I didn't find the corresponding upstream bugs, so I left them out. As far as I see, the Bug- field is optional. The testsuite additions are now included. I got one error

[Bug 1115053] Re: Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10

2013-02-17 Thread Christian Kuersteiner
I see. Thanks for the further comments. I will see to it that I fix this and prepare a new debdiff. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat7 in Ubuntu. https://bugs.launchpad.net/bugs/1115053 Title: Multiple open

[Bug 1115053] Re: Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10

2013-02-13 Thread Christian Kuersteiner
Jamie, thanks for the info. There is a fix for CVE-2012-2733 for tomcat7 from upstream (see http://svn.apache.org/viewvc?view=revision&revision=1350301). Did you see the new debdiff for oneiric in comment #5? All the fixes for the CVEs I am aware of should be in it (as well as CVE-2012-2733). Please

[Bug 1115053] Re: Parameter Handling Denial of Service in Oneiric

2013-02-10 Thread Christian Kuersteiner
Here is an updated debdiff with all the fixes. Please note: CVE-2011-4858 is resolved through the patch for CVE-2012-0022. CVE-2012-5568 is seen as a non-issue for tomcat (see http://tomcat.apache.org/security-7.html#Not_a_vulnerability_in_Tomcat). Is the formatting of the changelog okay like this?

[Bug 1115053] Re: Parameter Handling Denial of Service in Oneiric

2013-02-10 Thread Christian Kuersteiner
From CVE-2012-2733 on, Precise is affected too. Should I create a new bug for it or add a future debdiff here? Some CVEs affect tomcat6 as well. Same question: new bug or add here?

[Bug 1115053] Re: Parameter Handling Denial of Service in Oneiric

2013-02-05 Thread Christian Kuersteiner
Yeah, I will see to it that I prepare one debdiff with all the fixes. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat7 in Ubuntu. https://bugs.launchpad.net/bugs/1115053 Title: Parameter Handling Denial of Service in Oneiric

[Bug 1115053] [NEW] Parameter Handling Denial of Service in Oneiric

2013-02-04 Thread Christian Kuersteiner
*** This bug is a security vulnerability *** Public security bug reported: Oneiric tomcat7 (version 7.0.21-1) has the following vulnerability: Apache Tomcat is prone to a denial-of-service vulnerability. An attacker may leverage this issue to consume an excessive amount of CPU resources, causing a

[Bug 1115053] Re: Parameter Handling Denial of Service in Oneiric

2013-02-04 Thread Christian Kuersteiner
** Patch added: lp1115053-oneiric.debdiff https://bugs.launchpad.net/ubuntu/+source/tomcat7/+bug/1115053/+attachment/3514213/+files/lp1115053-oneiric.debdiff ** Changed in: tomcat7 (Ubuntu) Status: New => Confirmed