Ubuntu
tomcat6 package

Sync tomcat6 6.0.35-5 (universe) from Debian unstable (main)

Bug #1057111 reported by Logan Rosen on 2012-09-26

256

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	tomcat6 (Ubuntu)	Fix Released	Undecided	Unassigned

Bug Description

Please sync tomcat6 6.0.35-5 (universe) from Debian unstable (main)

Changelog entries since current quantal version 6.0.35-4:

tomcat6 (6.0.35-5) unstable; urgency=low

  * Apply patch to README.Debian to explain setting the HTTPOnly flag
    in cookies by default; CVE-2010-4312. (Closes: #608286)
    - Thank you to Thijs Kinkhorst for the patch.
  * Use ucf and a template for /etc/logrotate.d/tomcat6 file to avoid
    updating the shipped conffile. (Closes: #687818)

-- tony mancill <email address hidden> Mon, 06 Aug 2012 21:29:11 -0700

CVE References

2010-4312

Logan Rosen (logan) on 2012-09-26

security vulnerability:

no → yes

Revision history for this message

Bhavani Shankar (bhavi) wrote on 2012-09-27:

Looking into this

- Bhavani

Revision history for this message

Bhavani Shankar (bhavi) wrote on 2012-09-27:

Sponsored this. Please close the bug when the package gets accepted into the repos.

Regards
Bhavi

Changed in tomcat6 (Ubuntu):
status:	New → Fix Committed

Didier Roche-Tolomelli (didrocks) on 2012-09-28

Changed in tomcat6 (Ubuntu):
status:	Fix Committed → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntutomcat6 package