This bug was fixed in the package tomcat6 - 6.0.20-2ubuntu2.4
---------------
tomcat6 (6.0.20-2ubuntu2.4) karmic-security; urgency=low

  * SECURITY UPDATE: directory traversal via incorrect ServletContext
    attribute (LP: #717396)
    - debian/patches/0012-CVE-2010-3718.patch: mark as read only in
      java/org/apache/catalina/core/StandardContext.java.
    - CVE-2010-3718
  * SECURITY UPDATE: cross-site scripting in HTML Manager interface
    - debian/patches/0013-CVE-2011-0013.patch: properly filter values in
      java/org/apache/catalina/manager/{HTMLManagerServlet.java,
      StatusTransformer.java}.
    - CVE-2011-0013
  * SECURITY UPDATE: denial of service via NIOS HTTP connector
    (LP: #714239, LP: #717396)
    - debian/patches/0014-CVE-2011-0534.patch: enforce proper size in
      java/org/apache/coyote/http11/InternalNioInputBuffer.java.
    - CVE-2011-0534

 -- Marc Deslauriers <email address hidden>  Thu, 24 Mar 2011 13:58:06 -0400