Ubuntu
tomcat6 package

Overview
Code
Bugs
Blueprints
Translations
Answers

Bug #260016
Comment #3

Comment 3 for bug 260016

Revision history for this message

Thierry Carrez (ttx) wrote on 2008-08-21:

tomcat6-6.0.18-0ubuntu1.interdiff Edit (17.9 KiB, text/plain)

New consolidated interdiff for simplified review

I added a Depends fix, so here are the new files.

tomcat6 (6.0.18-0ubuntu1) intrepid; urgency=low

  * New upstream version (LP: #260016)
    - Fixes CVE-2008-2938: Directory traversal vulnerability (LP: #256802)
    - Fixes CVE-2008-2370: Information disclosure vulnerability (LP: #256922)
    - Fixes CVE-2008-1232: XSS through sendError vulnerability (LP: #256926)
  * Dropped CVE-2008-1947.patch (fix is shipped in this upstream release)
  * control: Improve short descriptions for the binary packages
  * copyright: Added link to /usr/share/common-licenses/Apache-2.0
  * control: To pull the right JRE, libtomcat6-java now depends on default-jre-headless | java5-runtime-headless

Ubuntutomcat6 package

Comment 3 for bug 260016

Ubuntu
tomcat6 package