Ubuntu
tomcat7 package

  1. Bug #1262204
  2. Comment #3

Comment 3 for bug 1262204

Revision history for this message
Michael Basse (michael-alpha-unix) wrote :

No because there is no newer tomcat7 version. Last version is from Tue, 19 Mar 2013 14:48:19 +0100

http://changelogs.ubuntu.com/changelogs/pool/universe/t/tomcat7/tomcat7_7.0.26-1ubuntu1.2/changelog

http://packages.ubuntu.com/precise/tomcat7

tomcat7 (7.0.26-1ubuntu1.2) precise-security; urgency=low

  [Christian Kuersteiner]
  * SECURITY UPDATE: Fix multiple vulnerabilities in Tomcat7
    (LP: #1115053)
    - debian/patches/0013-CVE-2012-2733.patch: Fix for Apache Tomcat Denial of
      Service. Based on upstream patch.
    - CVE-2012-2733
    - debian/patches/0014-CVE-2012-3546.patch: Fix for bypass of security
      constraints. Based on upstream patch.
    - CVE-2012-3546
    - debian/patches/0015-CVE-2012-4431.patch: Fix for bypass of CSRF prevention
      filter. Based on upstream patch.
    - CVE-2012-4431
    - debian/patches/0016-CVE-2012-4534.patch: Fix for CVE-2012-4534 Denial of
      Service Vulnerability. Based on upstream patch.
    - CVE-2012-4534
    - debian/patches/CVE-2012-3439.patch: Fix for DIGEST authentication
      weaknesses. Based on upstream patch.
    - CVE-2012-3439, CVE-2012-5885, CVE-2012-5886, 2012-5887

  [ Jamie Strandboge ]
  * allow for easily running the testsuite:
    - debian/control: add testsuite build-depends
    - debian/rules:
      + add 'testsuite' target
      + add ANT_TS_ARGS for use in the testsuite target
      + cleanup the testsuite
    - add debian/README.source for information on how to use the testsuite

 -- Christian Kuersteiner <email address hidden> Tue, 19 Mar 2013 14:48:19 +0100