Ubuntu

“tomcat6” 6.0.32-5ubuntu1.3 source package in The Oneiric Ocelot

Publishing history

6.0.32-5ubuntu1.3
SUPERSEDED: Oneiric pocket Updates in component main and section java
  • Removed from disk on 2013-01-15.
  • Removal requested on 2013-01-15.
  • Superseded on 2013-01-14 by tomcat6 - 6.0.32-5ubuntu1.4
  • Published on 2012-11-21
  • Copied from ubuntu oneiric in Private PPA for Ubuntu Security Team by Ubuntu Archive Robot
6.0.32-5ubuntu1.3
SUPERSEDED: Oneiric pocket Security in component main and section java
  • Removed from disk on 2013-01-15.
  • Removal requested on 2013-01-15.
  • Superseded on 2013-01-14 by tomcat6 - 6.0.32-5ubuntu1.4
  • Published on 2012-11-21
  • Copied from ubuntu oneiric in Private PPA for Ubuntu Security Team by Marc Deslauriers

Changelog

tomcat6 (6.0.32-5ubuntu1.3) oneiric-security; urgency=low

  * SECURITY UPDATE: denial of service via large header data
    - debian/patches/0012-CVE-2012-2733.patch: improve size logic in
      java/org/apache/coyote/http11/InternalNioInputBuffer.java.
    - CVE-2012-2733
  * SECURITY UPDATE: multiple HTTP Digest Access Authentication flaws
    - debian/patches/0013-CVE-2012-588x.patch: disable caching of an
      authenticated user in the session by default, track server rather
      than client nonces, better handling of stale nonce values in
      java/org/apache/catalina/authenticator/DigestAuthenticator.java.
    - CVE-2012-3439
    - CVE-2012-5885
    - CVE-2012-5886
    - CVE-2012-5887
 -- Marc Deslauriers <email address hidden>   Wed, 21 Nov 2012 10:43:09 -0500