tomcat6 6.0.28-10ubuntu2.2 source package in Ubuntu
Changelog
tomcat6 (6.0.28-10ubuntu2.2) natty-security; urgency=low
* SECURITY UPDATE: information disclosure via log file
- debian/patches/0015-CVE-2011-2204.patch: fix logging in
java/org/apache/catalina/mbeans/MemoryUserDatabaseMBean.java,
java/org/apache/catalina/users/MemoryUserDatabase.java,
java/org/apache/catalina/users/MemoryUser.java.
- CVE-2011-2204
* SECURITY UPDATE: file restriction bypass or denial of service via
untrusted web application.
- debian/patches/0016-CVE-2011-2526.patch: check canonical name in
java/org/apache/catalina/connector/LocalStrings.properties,
java/org/apache/catalina/connector/Request.java,
java/org/apache/catalina/servlets/DefaultServlet.java,
java/org/apache/coyote/http11/Http11AprProcessor.java,
java/org/apache/coyote/http11/LocalStrings.properties,
java/org/apache/tomcat/util/net/AprEndpoint.java,
java/org/apache/tomcat/util/net/NioEndpoint.java.
- CVE-2011-2526
* SECURITY UPDATE: AJP request spoofing and authentication bypass
(LP: #843701)
- debian/patches/0017-CVE-2011-3190.patch: Properly handle request
bodies in java/org/apache/coyote/ajp/AjpAprProcessor.java,
java/org/apache/coyote/ajp/AjpProcessor.java.
- CVE-2011-3190
* SECURITY UPDATE: HTTP DIGEST authentication weaknesses
- debian/patches/0018-CVE-2011-1184.patch: add new nonce options in
java/org/apache/catalina/authenticator/DigestAuthenticator.java,
java/org/apache/catalina/authenticator/LocalStrings.properties,
java/org/apache/catalina/authenticator/mbeans-descriptors.xml,
java/org/apache/catalina/realm/RealmBase.java,
webapps/docs/config/valve.xml.
- CVE-2011-1184
-- Marc Deslauriers <email address hidden> Mon, 26 Sep 2011 11:27:14 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Natty
- Original maintainer:
- Ubuntu Developers
- Architectures:
- all
- Section:
- java
- Urgency:
- Low Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| tomcat6_6.0.28.orig.tar.gz | 3.0 MiB | 4a871c7725aacaa575996b8ef5d4c9bc675586cc4061729b5ce73cd3438e7e06 |
| tomcat6_6.0.28-10ubuntu2.2.debian.tar.gz | 55.1 KiB | 3c90ecb18fc647789d0ac0ad9b4c13ace982ff38995fe970e1b7d1979271c9f4 |
| tomcat6_6.0.28-10ubuntu2.2.dsc | 2.3 KiB | d1f09d8ad4cc994f611ad9c781ceb32ce2f3a1a45b811e11929d1ab8d016089b |
Available diffs
Binary packages built by this source
- libservlet2.5-java: No summary available for libservlet2.5-java in ubuntu natty.
No description available for libservlet2.5-java in ubuntu natty.
- libservlet2.5-java-doc: No summary available for libservlet2.5-java-doc in ubuntu natty.
No description available for libservlet2.
5-java- doc in ubuntu natty.
- libtomcat6-java: No summary available for libtomcat6-java in ubuntu natty.
No description available for libtomcat6-java in ubuntu natty.
- tomcat6: No summary available for tomcat6 in ubuntu natty.
No description available for tomcat6 in ubuntu natty.
- tomcat6-admin: No summary available for tomcat6-admin in ubuntu natty.
No description available for tomcat6-admin in ubuntu natty.
- tomcat6-common: No summary available for tomcat6-common in ubuntu natty.
No description available for tomcat6-common in ubuntu natty.
- tomcat6-docs: No summary available for tomcat6-docs in ubuntu natty.
No description available for tomcat6-docs in ubuntu natty.
- tomcat6-examples: No summary available for tomcat6-examples in ubuntu natty.
No description available for tomcat6-examples in ubuntu natty.
- tomcat6-user: No summary available for tomcat6-user in ubuntu natty.
No description available for tomcat6-user in ubuntu natty.
