tomcat6 6.0.18-0ubuntu3.2 source package in Ubuntu
Changelog
tomcat6 (6.0.18-0ubuntu3.2) intrepid-security; urgency=low
* SECURITY UPDATE: security bypass via specially crafted request
- debian/patches/security-CVE-2008-5515.patch: use only a single
normalise implementation in:
java/org/apache/catalina/connector/Request.java,
java/org/apache/catalina/core/{ApplicationContext,ApplicationHttpRequest}.java,
java/org/apache/catalina/servlets/WebdavServlet.java,
java/org/apache/catalina/ssi/{SSIServletExternalResolver,SSIServletRequestUtil}.java,
java/org/apache/catalina/util/RequestUtil.java,
java/org/apache/naming/resources/FileDirContext.java
- CVE-2008-5515
* SECURITY UPDATE: denial of service via request with invalid headers
- debian/patches/security-CVE-2009-0033.patch: make sure we return
400 to the browser in
java/org/apache/jk/common/{ChannelNioSocket,ChannelSocket,HandlerRequest}.java
- CVE-2009-0033
* SECURITY UPDATE: valid username enumeration via improper error checking
- debian/patches/security-CVE-2009-0580.patch: make sure we have valid
credentials in java/org/apache/catalina/realm/{DataSourceRealm,JDBCRealm,MemoryRealm}.java
- CVE-2009-0580
* SECURITY UPDATE: cross-site scripting in calendar example application
(LP: #341278)
- debian/patches/security-CVE-2009-0781.patch: properly quote value in
webapps/examples/jsp/cal/cal2.jsp
- CVE-2009-0781
* SECURITY UPDATE: information disclosure via XML parser replacement
- debian/patches/security-CVE-2009-0783.patch: create digesters and
parsers earlier and don't use xml-parser from web-app in
java/org/apache/catalina/core/StandardContext.java,
java/org/apache/catalina/startup/{LocalStrings.properties,TldConfig.java}
- CVE-2009-0783
-- Marc Deslauriers <email address hidden> Wed, 10 Jun 2009 09:46:33 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Intrepid
- Original maintainer:
- MOTU
- Architectures:
- all
- Section:
- web
- Urgency:
- Low Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| tomcat6_6.0.18.orig.tar.gz | 3.3 MiB | f5ad5dd12e221d75e25234ca734fb434cf45f3fcea93623232a73dc9bfd03dc4 |
| tomcat6_6.0.18-0ubuntu3.2.diff.gz | 21.5 KiB | 0d7f785c298243919ae9369039d11164efa00a038b835cc15276e6cb94cf90a4 |
| tomcat6_6.0.18-0ubuntu3.2.dsc | 1.3 KiB | 868db9d1e5e9ec8e3dd3792e1939c479fea7156b0f8c97532d031fb257947a62 |
Available diffs
Binary packages built by this source
- libservlet2.5-java: No summary available for libservlet2.5-java in ubuntu intrepid.
No description available for libservlet2.5-java in ubuntu intrepid.
- libtomcat6-java: No summary available for libtomcat6-java in ubuntu intrepid.
No description available for libtomcat6-java in ubuntu intrepid.
- tomcat6: No summary available for tomcat6 in ubuntu intrepid.
No description available for tomcat6 in ubuntu intrepid.
- tomcat6-admin: No summary available for tomcat6-admin in ubuntu intrepid.
No description available for tomcat6-admin in ubuntu intrepid.
- tomcat6-common: No summary available for tomcat6-common in ubuntu intrepid.
No description available for tomcat6-common in ubuntu intrepid.
- tomcat6-docs: No summary available for tomcat6-docs in ubuntu intrepid.
No description available for tomcat6-docs in ubuntu intrepid.
- tomcat6-examples: No summary available for tomcat6-examples in ubuntu intrepid.
No description available for tomcat6-examples in ubuntu intrepid.
- tomcat6-user: No summary available for tomcat6-user in ubuntu intrepid.
No description available for tomcat6-user in ubuntu intrepid.
