[Christian Kuersteiner]
* SECURITY UPDATE: Fix multiple vulnerabilities in Tomcat7
(LP: #1115053)
- debian/patches/0013-CVE-2012-2733.patch: Fix for Apache Tomcat Denial of
Service. Based on upstream patch.
- CVE-2012-2733
- debian/patches/0014-CVE-2012-3546.patch: Fix for bypass of security
constraints. Based on upstream patch.
- CVE-2012-3546
- debian/patches/0015-CVE-2012-4431.patch: Fix for bypass of CSRF prevention
filter. Based on upstream patch.
- CVE-2012-4431
- debian/patches/0016-CVE-2012-4534.patch: Fix for CVE-2012-4534 Denial of
Service Vulnerability. Based on upstream patch.
- CVE-2012-4534
- debian/patches/CVE-2012-3439.patch: Fix for DIGEST authentication
weaknesses. Based on upstream patch.
- CVE-2012-3439, CVE-2012-5885, CVE-2012-5886, 2012-5887
[ Jamie Strandboge ]
* allow for easily running the testsuite:
- debian/control: add testsuite build-depends
- debian/rules:
+ add 'testsuite' target
+ add ANT_TS_ARGS for use in the testsuite target
+ cleanup the testsuite
- add debian/README.source for information on how to use the testsuite
-- Christian Kuersteiner <email address hidden> Tue, 19 Mar 2013 14:48:19 +0100
This bug was fixed in the package tomcat7 - 7.0.26-1ubuntu1.2
---------------
tomcat7 (7.0.26-1ubuntu1.2) precise-security; urgency=low
[Christian Kuersteiner] patches/ 0013-CVE- 2012-2733. patch: Fix for Apache Tomcat Denial of patches/ 0014-CVE- 2012-3546. patch: Fix for bypass of security patches/ 0015-CVE- 2012-4431. patch: Fix for bypass of CSRF prevention patches/ 0016-CVE- 2012-4534. patch: Fix for CVE-2012-4534 Denial of patches/ CVE-2012- 3439.patch: Fix for DIGEST authentication
* SECURITY UPDATE: Fix multiple vulnerabilities in Tomcat7
(LP: #1115053)
- debian/
Service. Based on upstream patch.
- CVE-2012-2733
- debian/
constraints. Based on upstream patch.
- CVE-2012-3546
- debian/
filter. Based on upstream patch.
- CVE-2012-4431
- debian/
Service Vulnerability. Based on upstream patch.
- CVE-2012-4534
- debian/
weaknesses. Based on upstream patch.
- CVE-2012-3439, CVE-2012-5885, CVE-2012-5886, 2012-5887
[ Jamie Strandboge ] README. source for information on how to use the testsuite
* allow for easily running the testsuite:
- debian/control: add testsuite build-depends
- debian/rules:
+ add 'testsuite' target
+ add ANT_TS_ARGS for use in the testsuite target
+ cleanup the testsuite
- add debian/
-- Christian Kuersteiner <email address hidden> Tue, 19 Mar 2013 14:48:19 +0100