Jamie, Thanks for the info. There is a fix for CVE-2012-2733 for tomcat7 from upstream (see http://svn.apache.org/viewvc?view=revision&revision=1350301).
Did you see the new debdiff for oneiric in comment #5? All the fixes for the CVEs I am aware of should be in it (as well CVE-2012-2733). Please let me know if the changelog is okay like that and of course if there are any other improvements/changes I should make. As soon as that one is approved I will upload the precise debdiff. Thanks -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat7 in Ubuntu. https://bugs.launchpad.net/bugs/1115053 Title: Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tomcat7/+bug/1115053/+subscriptions -- Ubuntu-server-bugs mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
