Comment 1 for bug 1197151

Seth Arnold (seth-arnold) wrote :

Hello,

CVE-2012-4431 has already been fixed in the 12.04 LTS tomcat7 packages; see the changelog at https://launchpad.net/ubuntu/+source/tomcat7/7.0.26-1ubuntu1.2 for details, but in part:

    - debian/patches/0015-CVE-2012-4431.patch: Fix for bypass of CSRF prevention
      filter. Based on upstream patch.

Our vulnerability database shows there are three vulnerabilities for tomcat7 in 12.04 LTS at the moment: CVE-2012-3544, CVE-2013-2067, CVE-2013-2071. You can find more information on these vulnerabilities at: http://people.canonical.com/~ubuntu-security/cve/pkg/tomcat7.html

Because tomcat7 is in universe in 12.04 LTS, it is maintained by the community. If you are able to prepare a debdiff to fix these issues, the security team will be happy to sponsor the package. (This is how the fix for CVE-2012-4431 was released to 12.04 LTS in March; one of our users prepared and tested the package.)

I'm closing this as "invalid" because this specific security issue has been fixed.

Thank you