Publishing details

• Removed from disk on 2015-06-26.
• Removal requested on 2015-06-26.
• Superseded on 2015-06-25 by tomcat7 - 7.0.52-1ubuntu0.3
• Published on 2014-07-30
• Copied from ubuntu trusty in Private PPA for Ubuntu Security Team by Ubuntu Archive Robot

Changelog

tomcat7 (7.0.52-1ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via malformed chunk size
    - debian/patches/CVE-2014-0075.patch: fix overflow and added tests to
      java/org/apache/coyote/http11/filters/ChunkedInputFilter.java,
      test/org/apache/coyote/http11/filters/TestChunkedInputFilter.java.
    - CVE-2014-0075
  * SECURITY UPDATE: file disclosure via XXE issue
    - debian/patches/CVE-2014-0096.patch: change globalXsltFile to be a
      relative path in conf/web.xml,
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/catalina/servlets/LocalStrings.properties,
      webapps/docs/default-servlet.xml.
    - CVE-2014-0096
  * SECURITY UPDATE: HTTP request smuggling attack via crafted
    Content-Length HTTP header
    - debian/patches/CVE-2014-0099.patch: correctly handle long values in
      java/org/apache/tomcat/util/buf/Ascii.java, added test to
      test/org/apache/tomcat/util/buf/TestAscii.java.
    - CVE-2014-0099
 -- Marc Deslauriers <email address hidden>   Thu, 24 Jul 2014 13:24:54 -0400

Builds

• i386

Package files

• libservlet3.0-java-doc_7.0.52-1ubuntu0.1_all.deb (188.5 KiB)
• libservlet3.0-java_7.0.52-1ubuntu0.1_all.deb (286.4 KiB)
• libtomcat7-java_7.0.52-1ubuntu0.1_all.deb (3.5 MiB)
• tomcat7-admin_7.0.52-1ubuntu0.1_all.deb (25.0 KiB)
• tomcat7-common_7.0.52-1ubuntu0.1_all.deb (46.8 KiB)
• tomcat7-docs_7.0.52-1ubuntu0.1_all.deb (534.0 KiB)
• tomcat7-examples_7.0.52-1ubuntu0.1_all.deb (176.7 KiB)
• tomcat7-user_7.0.52-1ubuntu0.1_all.deb (23.6 KiB)
• tomcat7_7.0.52-1ubuntu0.1.debian.tar.gz (55.7 KiB)
• tomcat7_7.0.52-1ubuntu0.1.dsc (2.7 KiB)
• tomcat7_7.0.52-1ubuntu0.1_all.deb (34.8 KiB)
• tomcat7_7.0.52.orig.tar.gz (4.1 MiB)