Ubuntu

“tomcat6” 6.0.32-5ubuntu1.4 source package in The Oneiric Ocelot

Publishing history

6.0.32-5ubuntu1.4
PUBLISHED: Oneiric pocket Updates in component main and section java
  • Published on 2013-01-14
  • Copied from ubuntu oneiric in Private PPA for Ubuntu Security Team by Ubuntu Archive Robot
6.0.32-5ubuntu1.4
PUBLISHED: Oneiric pocket Security in component main and section java
  • Published on 2013-01-14
  • Copied from ubuntu oneiric in Private PPA for Ubuntu Security Team by Marc Deslauriers

Changelog

tomcat6 (6.0.32-5ubuntu1.4) oneiric-security; urgency=low

  * SECURITY UPDATE: security-constraint bypass with FORM auth
    - debian/patches/CVE-2012-3546.patch: remove unneeded code in
      java/org/apache/catalina/realm/RealmBase.java.
    - CVE-2012-3546
  * SECURITY UPDATE: CSRF bypass via request with no session identifier
    - debian/patches/CVE-2012-4431.patch: check for session identifier in
      java/org/apache/catalina/filters/CsrfPreventionFilter.java.
    - CVE-2012-4431
  * SECURITY UPDATE: denial of service with NIO connector
    - debian/patches/CVE-2012-4534.patch: properly handle connection breaks
      in java/org/apache/tomcat/util/net/NioEndpoint.java.
    - CVE-2012-4534
 -- Marc Deslauriers <email address hidden>   Thu, 10 Jan 2013 10:00:07 -0500