Ubuntu

“tomcat6” 6.0.35-1ubuntu3.1 source package in The Precise Pangolin

Publishing history

6.0.35-1ubuntu3.1
SUPERSEDED: Precise pocket Updates in component main and section web
  • Removed from disk on 2013-01-15.
  • Removal requested on 2013-01-15.
  • Superseded on 2013-01-14 by tomcat6 - 6.0.35-1ubuntu3.2
  • Published on 2012-11-21
  • Copied from ubuntu precise in Private PPA for Ubuntu Security Team by Ubuntu Archive Robot
6.0.35-1ubuntu3.1
SUPERSEDED: Precise pocket Security in component main and section web
  • Removed from disk on 2013-01-15.
  • Removal requested on 2013-01-15.
  • Superseded on 2013-01-14 by tomcat6 - 6.0.35-1ubuntu3.2
  • Published on 2012-11-21
  • Copied from ubuntu precise in Private PPA for Ubuntu Security Team by Marc Deslauriers

Changelog

tomcat6 (6.0.35-1ubuntu3.1) precise-security; urgency=low

  * SECURITY UPDATE: denial of service via large header data
    - debian/patches/0012-CVE-2012-2733.patch: improve size logic in
      java/org/apache/coyote/http11/InternalNioInputBuffer.java.
    - CVE-2012-2733
  * SECURITY UPDATE: multiple HTTP Digest Access Authentication flaws
    - debian/patches/0013-CVE-2012-588x.patch: disable caching of an
      authenticated user in the session by default, track server rather
      than client nonces, better handling of stale nonce values in
      java/org/apache/catalina/authenticator/DigestAuthenticator.java.
    - CVE-2012-3439
    - CVE-2012-5885
    - CVE-2012-5886
    - CVE-2012-5887
 -- Marc Deslauriers <email address hidden>   Wed, 21 Nov 2012 10:36:18 -0500