tomcat6 6.0.18-0ubuntu6.1 source package in Ubuntu

Changelog

tomcat6 (6.0.18-0ubuntu6.1) jaunty-security; urgency=low

  * SECURITY UPDATE: security bypass via specially crafted request
    - debian/patches/security-CVE-2008-5515.patch: use only a single
      normalise implementation in:
      java/org/apache/catalina/connector/Request.java,
      java/org/apache/catalina/core/{ApplicationContext,ApplicationHttpRequest}.java,
      java/org/apache/catalina/servlets/WebdavServlet.java,
      java/org/apache/catalina/ssi/{SSIServletExternalResolver,SSIServletRequestUtil}.java,
      java/org/apache/catalina/util/RequestUtil.java,
      java/org/apache/naming/resources/FileDirContext.java
    - CVE-2008-5515
  * SECURITY UPDATE: denial of service via request with invalid headers
    - debian/patches/security-CVE-2009-0033.patch: make sure we return
      400 to the browser in
      java/org/apache/jk/common/{ChannelNioSocket,ChannelSocket,HandlerRequest}.java
    - CVE-2009-0033
  * SECURITY UPDATE: valid username enumeration via improper error checking
    - debian/patches/security-CVE-2009-0580.patch: make sure we have valid
      credentials in java/org/apache/catalina/realm/{DataSourceRealm,JDBCRealm,MemoryRealm}.java
    - CVE-2009-0580
  * SECURITY UPDATE: cross-site scripting in calendar example application
    (LP: #341278)
    - debian/patches/security-CVE-2009-0781.patch: properly quote value in
      webapps/examples/jsp/cal/cal2.jsp
    - CVE-2009-0781
  * SECURITY UPDATE: information disclosure via XML parser replacement
    - debian/patches/security-CVE-2009-0783.patch: create digesters and
      parsers earlier and don't use xml-parser from web-app in
      java/org/apache/catalina/core/StandardContext.java,
      java/org/apache/catalina/startup/{LocalStrings.properties,TldConfig.java}
    - CVE-2009-0783

 -- Marc Deslauriers <email address hidden>   Wed, 10 Jun 2009 08:31:31 -0400

Upload details

Uploaded by:
Marc Deslauriers on 2009-06-10
Uploaded to:
Jaunty
Original maintainer:
Ubuntu Development Team
Architectures:
all
Section:
web
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Jaunty: [FULLYBUILT] i386

Downloads

File Size SHA-256 Checksum
tomcat6_6.0.18.orig.tar.gz 3.3 MiB f5ad5dd12e221d75e25234ca734fb434cf45f3fcea93623232a73dc9bfd03dc4
tomcat6_6.0.18-0ubuntu6.1.diff.gz 24.2 KiB e0e9a45f2191f2aaf01c28a0e4f178f54a408a8aeb138750c8d238efcc387899
tomcat6_6.0.18-0ubuntu6.1.dsc 1.4 KiB 63e3012eae78d85cb3cbb64e01f604aaf6853f1626e824618175b9b6be90b215

View changes file

Binary packages built by this source

libservlet2.5-java: No summary available for libservlet2.5-java in ubuntu jaunty.

No description available for libservlet2.5-java in ubuntu jaunty.

libservlet2.5-java-doc: No summary available for libservlet2.5-java-doc in ubuntu jaunty.

No description available for libservlet2.5-java-doc in ubuntu jaunty.

libtomcat6-java: No summary available for libtomcat6-java in ubuntu jaunty.

No description available for libtomcat6-java in ubuntu jaunty.

tomcat6: No summary available for tomcat6 in ubuntu jaunty.

No description available for tomcat6 in ubuntu jaunty.

tomcat6-admin: No summary available for tomcat6-admin in ubuntu jaunty.

No description available for tomcat6-admin in ubuntu jaunty.

tomcat6-common: No summary available for tomcat6-common in ubuntu jaunty.

No description available for tomcat6-common in ubuntu jaunty.

tomcat6-docs: No summary available for tomcat6-docs in ubuntu jaunty.

No description available for tomcat6-docs in ubuntu jaunty.

tomcat6-examples: No summary available for tomcat6-examples in ubuntu jaunty.

No description available for tomcat6-examples in ubuntu jaunty.

tomcat6-user: No summary available for tomcat6-user in ubuntu jaunty.

No description available for tomcat6-user in ubuntu jaunty.