Ubuntu

“tomcat6” 6.0.35-1ubuntu3.2 source package in The Precise Pangolin

Publishing history

6.0.35-1ubuntu3.2
SUPERSEDED: Precise pocket Updates in component main and section web
  • Removed from disk on 2013-05-29.
  • Removal requested on 2013-05-29.
  • Superseded on 2013-05-28 by tomcat6 - 6.0.35-1ubuntu3.3
  • Published on 2013-01-14
  • Copied from ubuntu precise in Private PPA for Ubuntu Security Team by Ubuntu Archive Robot
6.0.35-1ubuntu3.2
SUPERSEDED: Precise pocket Security in component main and section web
  • Removed from disk on 2013-05-29.
  • Removal requested on 2013-05-29.
  • Superseded on 2013-05-28 by tomcat6 - 6.0.35-1ubuntu3.3
  • Published on 2013-01-14
  • Copied from ubuntu precise in Private PPA for Ubuntu Security Team by Marc Deslauriers

Changelog

tomcat6 (6.0.35-1ubuntu3.2) precise-security; urgency=low

  * SECURITY UPDATE: security-constraint bypass with FORM auth
    - debian/patches/CVE-2012-3546.patch: remove unneeded code in
      java/org/apache/catalina/realm/RealmBase.java.
    - CVE-2012-3546
  * SECURITY UPDATE: CSRF bypass via request with no session identifier
    - debian/patches/CVE-2012-4431.patch: check for session identifier in
      java/org/apache/catalina/filters/CsrfPreventionFilter.java.
    - CVE-2012-4431
  * SECURITY UPDATE: denial of service with NIO connector
    - debian/patches/CVE-2012-4534.patch: properly handle connection breaks
      in java/org/apache/tomcat/util/net/NioEndpoint.java.
    - CVE-2012-4534
 -- Marc Deslauriers <email address hidden>   Thu, 10 Jan 2013 09:51:09 -0500