Okay, new Debian version was just release with most of the delta included. ** Summary changed:
- please merge tomcat5.5 (5.5.25-4) from Debian unstable (main) + please merge tomcat5.5 (5.5.25-5) from Debian unstable (main) ** Description changed: Binary package hint: tomcat5.5 Please consider merging tomcat5.5 from Debian unstable as it contains - fixes for several CVE's and important packaging fixes. + fixes for two CVE's and also important packaging fixes. Ubuntu changes that can be dropped: - - Build-depends on xsltproc: tomcat5.5 package used to build documentation using xsltproc, but is now using Xalan-Java (libxalan2-java). I reckon the build dependency was unnecessarily carried around during merges as Debian stopped using it since 5.5.20-2 (related patches were dropped as well). It's not used in build process and the documentation looks the same with or without it. (http://www.mail-archive.com/[EMAIL PROTECTED]/msg11269.html and Debian 5.5.20-2 changelog entry). + - Build-depends on xsltproc: tomcat5.5 package used to build documentation using xsltproc, but is now using Xalan-Java (libxalan2-java). I reckon the build dependency was unnecessarily carried around during merges as Debian stopped using it since 5.5.20-2 (related patches were dropped as well). It's not used in build process and the documentation looks the same with or without it. (http://www.mail-archive.com/[EMAIL PROTECTED]/msg11269.html and Debian 5.5.20-2 changelog entry). - New Ubuntu changes are bugfixes, forwarded as: - * Opened http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=458411 - * Reopened http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=452366 + - Replace the Depends on ecj-bootstrap with ecj: Included in Debian + packaging (as libecj-java). - New Debian version also fixes Bug #173692 and Bug #161882. + New Debian version also fixes following Ubuntu bugs: bug #153672, bug #159661, bug #161882 and bug #173692. New Debian changes: + + tomcat5.5 (5.5.25-5) unstable; urgency=low + + * debian/tomcat5.5.init: Check if tomcat-users.xml exists. + Thanks to Javier Serrano Polo for the patch. Closes: #445857. + * debian/tomcat5.5-webapps.postrm: Purge links created in postinst script. + Closes: #453879. + * debian/tomcat5.5-admin.links: Fix symlink for commons-io.jar. + Closes: #452366. + * debian/tomcat5.5.init: Check user id of the user running the init script. + Closes: #457956. + * Renamed /etc/cron.daily/tomcat5.5 to /etc/cron.daily/tomcat55. + Closes: #454296. + * debian/tomcat5.5.init: source /etc/default/locale and export LANG so + tomcat gets started with system locale. Originally reported to + https://bugs.launchpad.net/ubuntu/+source/tomcat5.5/+bug/153672. + + -- Michael Koch <[EMAIL PROTECTED]> Thu, 03 Jan 2008 13:23:44 +0100 tomcat5.5 (5.5.25-4) unstable; urgency=high * CVE-2007-5342: Fix unauthorized modification of data because of too open permissions. Closes: #458237. * Always clean temporary directory on startup. Closes: #456608. -- Michael Koch <[EMAIL PROTECTED]> Sat, 29 Dec 2007 20:15:40 +0100 tomcat5.5 (5.5.25-3) unstable; urgency=low * debian/libtomcat5.5-java.links: Removed links for xml-apis.jar and xercesImpl.jar. Closes: #443382, #455495. * Added libgnumail-java to Build-Depends. Closes: #454312. * Updated Standards-Version to 3.7.3. -- Michael Koch <[EMAIL PROTECTED]> Thu, 13 Dec 2007 22:15:18 +0100 tomcat5.5 (5.5.25-2) unstable; urgency=high [ Michael Koch ] CVE-2007-5461: * Fix absolute path traversal vulnerability. Closes: #448664. [ Marcus Better ] * Add required commons-io symlink to the admin webapp, which fixes WAR file uploads. (Closes: #452366) * debian/control: Use the new Homepage and Vcs-* fields. * debian/NEWS: Remove outdated entry. -- Michael Koch <[EMAIL PROTECTED]> Fri, 30 Nov 2007 10:46:33 +0100 ** Attachment added: "Proposed merge of tomcat5.5 (5.5.25-5)" http://launchpadlibrarian.net/11139333/debdiff.txt -- please merge tomcat5.5 (5.5.25-5) from Debian unstable (main) https://bugs.launchpad.net/bugs/179491 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
