tomcat6 6.0.24-2ubuntu1.9 source package in Ubuntu

Changelog

tomcat6 (6.0.24-2ubuntu1.9) lucid-security; urgency=low

  * SECURITY UPDATE: information disclosure via log file
    - debian/patches/0015-CVE-2011-2204.patch: fix logging in
      java/org/apache/catalina/mbeans/MemoryUserDatabaseMBean.java,
      java/org/apache/catalina/users/MemoryUserDatabase.java,
      java/org/apache/catalina/users/MemoryUser.java.
    - CVE-2011-2204
  * SECURITY UPDATE: file restriction bypass or denial of service via
    untrusted web application.
    - debian/patches/0016-CVE-2011-2526.patch: check canonical name in
      java/org/apache/catalina/connector/LocalStrings.properties,
      java/org/apache/catalina/connector/Request.java,
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/coyote/http11/Http11AprProcessor.java,
      java/org/apache/coyote/http11/LocalStrings.properties,
      java/org/apache/tomcat/util/net/AprEndpoint.java,
      java/org/apache/tomcat/util/net/NioEndpoint.java.
    - CVE-2011-2526
  * SECURITY UPDATE: AJP request spoofing and authentication bypass
    (LP: #843701)
    - debian/patches/0017-CVE-2011-3190.patch: Properly handle request
      bodies in java/org/apache/coyote/ajp/AjpAprProcessor.java,
      java/org/apache/coyote/ajp/AjpProcessor.java.
    - CVE-2011-3190
  * SECURITY UPDATE: HTTP DIGEST authentication weaknesses
    - debian/patches/0018-CVE-2011-1184.patch: add new nonce options in
      java/org/apache/catalina/authenticator/DigestAuthenticator.java,
      java/org/apache/catalina/authenticator/LocalStrings.properties,
      java/org/apache/catalina/authenticator/mbeans-descriptors.xml,
      java/org/apache/catalina/realm/RealmBase.java,
      webapps/docs/config/valve.xml.
    - CVE-2011-1184
 -- Marc Deslauriers <email address hidden>   Mon, 26 Sep 2011 11:53:28 -0400

Upload details

Uploaded by:
Marc Deslauriers on 2011-09-26
Uploaded to:
Lucid
Original maintainer:
Ubuntu Developers
Architectures:
all
Section:
java
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Lucid: [FULLYBUILT] i386

Downloads

File Size SHA-256 Checksum
tomcat6_6.0.24.orig.tar.gz 3.1 MiB 376c1fa6241c1c32e64985782a7d3e21236ec553b7097b875cb59276985cc55e
tomcat6_6.0.24-2ubuntu1.9.debian.tar.gz 45.5 KiB 02229b83da308549ac6c6ce8d1e67371c0dc2ee134026aa23d9041b77ba23aa5
tomcat6_6.0.24-2ubuntu1.9.dsc 2.3 KiB 21c426f79775556eb575c5639786f4aafa6224bb8dfd5c57cb7e49a826904943

View changes file

Binary packages built by this source

libservlet2.5-java: No summary available for libservlet2.5-java in ubuntu lucid.

No description available for libservlet2.5-java in ubuntu lucid.

libservlet2.5-java-doc: No summary available for libservlet2.5-java-doc in ubuntu lucid.

No description available for libservlet2.5-java-doc in ubuntu lucid.

libtomcat6-java: No summary available for libtomcat6-java in ubuntu lucid.

No description available for libtomcat6-java in ubuntu lucid.

tomcat6: No summary available for tomcat6 in ubuntu lucid.

No description available for tomcat6 in ubuntu lucid.

tomcat6-admin: No summary available for tomcat6-admin in ubuntu lucid.

No description available for tomcat6-admin in ubuntu lucid.

tomcat6-common: No summary available for tomcat6-common in ubuntu lucid.

No description available for tomcat6-common in ubuntu lucid.

tomcat6-docs: No summary available for tomcat6-docs in ubuntu lucid.

No description available for tomcat6-docs in ubuntu lucid.

tomcat6-examples: No summary available for tomcat6-examples in ubuntu lucid.

No description available for tomcat6-examples in ubuntu lucid.

tomcat6-user: No summary available for tomcat6-user in ubuntu lucid.

No description available for tomcat6-user in ubuntu lucid.