tomcat7 7.0.52-1ubuntu0.6 source package in Ubuntu
Changelog
tomcat7 (7.0.52-1ubuntu0.6) trusty-security; urgency=medium * SECURITY UPDATE: directory traversal vulnerability in RequestUtil.java - debian/patches/CVE-2015-5174.patch: fix normalization edge cases in java/org/apache/tomcat/util/http/RequestUtil.java, test/org/apache/tomcat/util/http/TestRequestUtil.java. - CVE-2015-5174 * SECURITY UPDATE: information disclosure via redirects by mapper - debian/patches/CVE-2015-5345.patch: fix redirect logic in java/org/apache/catalina/Context.java, java/org/apache/catalina/authenticator/FormAuthenticator.java, java/org/apache/catalina/core/StandardContext.java, java/org/apache/catalina/core/mbeans-descriptors.xml, java/org/apache/catalina/servlets/DefaultServlet.java, java/org/apache/catalina/servlets/WebdavServlet.java, java/org/apache/catalina/startup/FailedContext.java, java/org/apache/tomcat/util/http/mapper/Mapper.java, test/org/apache/catalina/startup/TomcatBaseTest.java, webapps/docs/config/context.xml, test/org/apache/catalina/core/TesterContext.java. - CVE-2015-5345 * SECURITY UPDATE: session fixation vulnerability - debian/patches/CVE-2015-5346.patch: handle different session settings in java/org/apache/catalina/connector/CoyoteAdapter.java, java/org/apache/catalina/connector/Request.java. - CVE-2015-5346 * SECURITY UPDATE: CSRF protection mechanism bypass - debian/patches/CVE-2015-5351.patch: don't create sessions unnecessarily in webapps/host-manager/WEB-INF/jsp/401.jsp, webapps/host-manager/WEB-INF/jsp/403.jsp, webapps/host-manager/WEB-INF/jsp/404.jsp, webapps/host-manager/index.jsp, webapps/manager/WEB-INF/web.xml, webapps/manager/index.jsp. - CVE-2015-5351 * SECURITY UPDATE: securityManager restrictions bypass via StatusManagerServlet - debian/patches/CVE-2016-0706.patch: place servlet in restricted list in java/org/apache/catalina/core/RestrictedServlets.properties. - CVE-2016-0706 * SECURITY UPDATE: securityManager restrictions bypass via session-persistence implementation - debian/patches/CVE-2016-0714.patch: extend the session attribute filtering options in java/org/apache/catalina/ha/session/ClusterManagerBase.java java/org/apache/catalina/ha/session/mbeans-descriptors.xml, java/org/apache/catalina/session/LocalStrings.properties, java/org/apache/catalina/session/ManagerBase.java, java/org/apache/catalina/session/StandardManager.java, java/org/apache/catalina/session/mbeans-descriptors.xml, java/org/apache/catalina/util/CustomObjectInputStream.java, java/org/apache/catalina/util/LocalStrings.properties, webapps/docs/config/cluster-manager.xml, webapps/docs/config/manager.xml. - CVE-2016-0714 * SECURITY UPDATE: securityManager restrictions bypass via crafted global context - debian/patches/CVE-2016-0763.patch: protect initialization in java/org/apache/naming/factory/ResourceLinkFactory.java. - CVE-2016-0763 * SECURITY UPDATE: denial of service in FileUpload - debian/patches/CVE-2016-3092.patch: properly handle size in java/org/apache/tomcat/util/http/fileupload/MultipartStream.java. - CVE-2016-3092 * debian/patches/fix_cookie_names_in_tests.patch: fix FTBFS by removing colons in cookie names which is illegal in newer java versions in test/org/apache/catalina/authenticator/*.java. -- Marc Deslauriers <email address hidden> Wed, 29 Jun 2016 12:50:02 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Trusty
- Original maintainer:
- Ubuntu Developers
- Architectures:
- all
- Section:
- java
- Urgency:
- Medium Urgency
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
tomcat7_7.0.52.orig.tar.gz | 4.1 MiB | feaf30f38df1cda467ce04ceec09a4e06ad8cf499cc800fa1ece74ef836cedb1 |
tomcat7_7.0.52-1ubuntu0.6.debian.tar.gz | 105.0 KiB | 5f190fd8365bafffbf90e4da9b402037ed79203973155b0314f955c25d70ba12 |
tomcat7_7.0.52-1ubuntu0.6.dsc | 2.7 KiB | da51b4ab8acd32132849d1867b0ce61b84a906daa060527c2024d0465ddec11b |
Available diffs
Binary packages built by this source
- libservlet3.0-java: Servlet 3.0 and JSP 2.2 Java API classes
Apache Tomcat implements the Java Servlet and the JavaServer Pages (JSP)
specifications from Sun Microsystems, and provides a "pure Java" HTTP web
server environment for Java code to run.
.
This package contains the Java Servlet and JSP library.
- libservlet3.0-java-doc: Servlet 3.0 and JSP 2.2 Java API documentation
Apache Tomcat implements the Java Servlet and the JavaServer Pages (JSP)
specifications from Sun Microsystems, and provides a "pure Java" HTTP web
server environment for Java code to run.
.
This package contains the documentation for the Java Servlet and JSP library.
- libtomcat7-java: Servlet and JSP engine -- core libraries
Apache Tomcat implements the Java Servlet and the JavaServer Pages (JSP)
specifications from Sun Microsystems, and provides a "pure Java" HTTP web
server environment for Java code to run.
.
This package contains the Tomcat core classes which can be used by other
Java applications to embed Tomcat.
- tomcat7: Servlet and JSP engine
Apache Tomcat implements the Java Servlet and the JavaServer Pages (JSP)
specifications from Sun Microsystems, and provides a "pure Java" HTTP web
server environment for Java code to run.
.
This package contains only the startup scripts for the system-wide daemon.
No documentation or web applications are included here, please install
the tomcat7-docs and tomcat7-examples packages if you want them.
Install the authbind package if you need to use Tomcat on ports 1-1023.
Install tomcat7-user instead of this package if you don't want Tomcat to
start as a service.
- tomcat7-admin: Servlet and JSP engine -- admin web applications
Apache Tomcat implements the Java Servlet and the JavaServer Pages (JSP)
specifications from Sun Microsystems, and provides a "pure Java" HTTP web
server environment for Java code to run.
.
This package contains the administrative web interfaces.
- tomcat7-common: Servlet and JSP engine -- common files
Apache Tomcat implements the Java Servlet and the JavaServer Pages (JSP)
specifications from Sun Microsystems, and provides a "pure Java" HTTP web
server environment for Java code to run.
.
This package contains common files needed by the tomcat7 and tomcat7-user
packages (Tomcat 6 scripts and libraries).
- tomcat7-docs: Servlet and JSP engine -- documentation
Apache Tomcat implements the Java Servlet and the JavaServer Pages (JSP)
specifications from Sun Microsystems, and provides a "pure Java" HTTP web
server environment for Java code to run.
.
This package contains the online documentation web application.
- tomcat7-examples: Servlet and JSP engine -- example web applications
Apache Tomcat implements the Java Servlet and the JavaServer Pages (JSP)
specifications from Sun Microsystems, and provides a "pure Java" HTTP web
server environment for Java code to run.
.
This package contains the default Tomcat example webapps.
- tomcat7-user: Servlet and JSP engine -- tools to create user instances
Apache Tomcat implements the Java Servlet and the JavaServer Pages (JSP)
specifications from Sun Microsystems, and provides a "pure Java" HTTP web
server environment for Java code to run.
.
This package contains files needed to create a user Tomcat instance.
This user Tomcat instance can be started and stopped using the scripts
provided in the Tomcat instance directory.