* New upstream version (LP: #260016)
- Fixes CVE-2008-2938: Directory traversal vulnerability (LP: #256802)
- Fixes CVE-2008-2370: Information disclosure vulnerability (LP: #256922)
- Fixes CVE-2008-1232: XSS through sendError vulnerability (LP: #256926)
* Dropped CVE-2008-1947.patch (fix is shipped in this upstream release)
* control: Improve short descriptions for the binary packages
* copyright: Added link to /usr/share/common-licenses/Apache-2.0
* control: To pull the right JRE, libtomcat6-java now depends on
default-jre-headless | java6-runtime-headless
This bug was fixed in the package tomcat6 - 6.0.18-0ubuntu1
---------------
tomcat6 (6.0.18-0ubuntu1) intrepid; urgency=low
* New upstream version (LP: #260016) common- licenses/ Apache- 2.0 jre-headless | java6-runtime- headless
- Fixes CVE-2008-2938: Directory traversal vulnerability (LP: #256802)
- Fixes CVE-2008-2370: Information disclosure vulnerability (LP: #256922)
- Fixes CVE-2008-1232: XSS through sendError vulnerability (LP: #256926)
* Dropped CVE-2008-1947.patch (fix is shipped in this upstream release)
* control: Improve short descriptions for the binary packages
* copyright: Added link to /usr/share/
* control: To pull the right JRE, libtomcat6-java now depends on
default-
-- Thierry Carrez <email address hidden> Fri, 22 Aug 2008 09:15:11 +0200