Ubuntu
tomcat6 package

Bug #714239
Comment #5

Comment 5 for bug 714239

Revision history for this message

Launchpad Janitor (janitor) wrote on 2011-03-29:

This bug was fixed in the package tomcat6 - 6.0.24-2ubuntu1.7

---------------
tomcat6 (6.0.24-2ubuntu1.7) lucid-security; urgency=low

  * SECURITY UPDATE: directory traversal via incorrect ServetContext
    attribute (LP: #717396)
    - debian/patches/0012-CVE-2010-3718.patch: mark as read only in
      java/org/apache/catalina/core/StandardContext.java.
    - CVE-2010-3718
  * SECURITY UPDATE: cross-site scripting in HTML Manager interface
    - debian/patches/0013-CVE-2011-0013.patch: properly filter values in
      java/org/apache/catalina/manager/{HTMLManagerServlet.java,
      StatusTransformer.java}.
    - CVE-2011-0013
  * SECURITY UPDATE: denial of service via NIOS HTTP connector
    (LP: #714239, LP: #717396)
    - debian/patches/0014-CVE-2011-0534.patch: enforce proper size in
      java/org/apache/coyote/http11/InternalNioInputBuffer.java.
    - CVE-2011-0534
-- Marc Deslauriers <email address hidden> Thu, 24 Mar 2011 11:08:39 -0400

Ubuntutomcat6 package

Comment 5 for bug 714239

Ubuntu
tomcat6 package