please merge tomcat5.5 (5.5.25-5) from Debian unstable (main)
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
tomcat5.5 (Ubuntu) | Fix Released | Wishlist | Unassigned |
Bug Description
Binary package hint: tomcat5.5
Please consider merging tomcat5.5 from Debian unstable as it contains fixes for two CVEs and also important packaging fixes.
Ubuntu changes that can be dropped:
- Build-depends on xsltproc: the tomcat5.5 package used to build documentation using xsltproc, but is now using Xalan-Java (libxalan2-java). I reckon the build dependency was unnecessarily carried around during merges as Debian stopped using it since 5.5.20-2 (related patches were dropped as well). It's not used in the build process and the documentation looks the same with or without it. (http://<email address hidden>
- Replace the Depends on ecj-bootstrap with ecj: Included in Debian packaging (as libecj-java).
The new Debian version also fixes the following Ubuntu bugs: bug #153672, bug #159661, bug #161882 and bug #173692.
New Debian changes:
tomcat5.5 (5.5.25-5) unstable; urgency=low
* debian/
Thanks to Javier Serrano Polo for the patch. Closes: #445857.
* debian/
Closes: #453879.
* debian/
Closes: #452366.
* debian/
Closes: #457956.
* Renamed /etc/cron.
Closes: #454296.
* debian/
tomcat gets started with system locale. Originally reported to
https:/
-- Michael Koch <email address hidden> Thu, 03 Jan 2008 13:23:44 +0100
tomcat5.5 (5.5.25-4) unstable; urgency=high
* CVE-2007-5342: Fix unauthorized modification of data because of
too open permissions. Closes: #458237.
* Always clean temporary directory on startup. Closes: #456608.
-- Michael Koch <email address hidden> Sat, 29 Dec 2007 20:15:40 +0100
tomcat5.5 (5.5.25-3) unstable; urgency=low
* debian/
xercesImpl.jar. Closes: #443382, #455495.
* Added libgnumail-java to Build-Depends. Closes: #454312.
* Updated Standards-Version to 3.7.3.
-- Michael Koch <email address hidden> Thu, 13 Dec 2007 22:15:18 +0100
tomcat5.5 (5.5.25-2) unstable; urgency=high
[ Michael Koch ]
CVE-2007-5461:
* Fix absolute path traversal vulnerability. Closes: #448664.
[ Marcus Better ]
* Add required commons-io symlink to the admin webapp, which fixes WAR
file uploads. (Closes: #452366)
* debian/control: Use the new Homepage and Vcs-* fields.
* debian/NEWS: Remove outdated entry.
-- Michael Koch <email address hidden> Fri, 30 Nov 2007 10:46:33 +0100
Please hold this request until a few issues are cleared with Debian maintainers, thanks.