Format: 1.8 Date: Wed, 25 Jan 2012 14:09:00 -0500 Source: tomcat6 Binary: tomcat6-common tomcat6 tomcat6-user libtomcat6-java libservlet2.5-java libservlet2.5-java-doc tomcat6-admin tomcat6-examples tomcat6-docs Architecture: all Version: 6.0.28-2ubuntu1.6 Distribution: maverick Urgency: low Maintainer: Ubuntu/i386 Build Daemon Changed-By: Marc Deslauriers Description: libservlet2.5-java - Servlet 2.5 and JSP 2.1 Java API classes libservlet2.5-java-doc - Servlet 2.5 and JSP 2.1 Java API documentation libtomcat6-java - Servlet and JSP engine -- core libraries tomcat6 - Servlet and JSP engine tomcat6-admin - Servlet and JSP engine -- admin web applications tomcat6-common - Servlet and JSP engine -- common files tomcat6-docs - Servlet and JSP engine -- documentation tomcat6-examples - Servlet and JSP engine -- example web applications tomcat6-user - Servlet and JSP engine -- tools to create user instances Launchpad-Bugs-Fixed: 909828 Changes: tomcat6 (6.0.28-2ubuntu1.6) maverick-security; urgency=low . * SECURITY UPDATE: denial of service via hash collision and incorrect handling of large numbers of parameters and parameter values (LP: #909828) - debian/patches/0019-CVE-2012-0022.patch: refactor parameter handling code in conf/web.xml, java/org/apache/catalina/connector/Connector.java, java/org/apache/catalina/connector/mbeans-descriptors.xml, java/org/apache/catalina/connector/Request.java, java/org/apache/catalina/filters/FailedRequestFilter.java, java/org/apache/catalina/Globals.java, java/org/apache/coyote/Request.java, java/org/apache/tomcat/util/buf/B2CConverter.java, java/org/apache/tomcat/util/buf/ByteChunk.java, java/org/apache/tomcat/util/buf/MessageBytes.java, java/org/apache/tomcat/util/buf/StringCache.java, java/org/apache/tomcat/util/http/LocalStrings.properties, java/org/apache/tomcat/util/http/Parameters.java, webapps/docs/config/ajp.xml, webapps/docs/config/http.xml. - CVE-2011-4858 - CVE-2012-0022 Checksums-Sha1: 36159ab68447c108be77f95f05fe6b2b36ff2a15 48242 tomcat6-common_6.0.28-2ubuntu1.6_all.deb 118006cd43405664da0c10ab91298243a3e01528 33864 tomcat6_6.0.28-2ubuntu1.6_all.deb 878ed4d3dd54df3957b05dfd120ea19344b47673 26940 tomcat6-user_6.0.28-2ubuntu1.6_all.deb 3667bf905a9562b5a106afad70cdf47bf1f62d22 3033816 libtomcat6-java_6.0.28-2ubuntu1.6_all.deb 4fd41c50a3def187ae1d8959211411355ad94523 192432 libservlet2.5-java_6.0.28-2ubuntu1.6_all.deb 1d1d90edc74414076ee9a504f7065e4a49d0c6ac 248764 libservlet2.5-java-doc_6.0.28-2ubuntu1.6_all.deb b29a1c49284d9424207a738f0c67c764ff77d406 43650 tomcat6-admin_6.0.28-2ubuntu1.6_all.deb dbbbdc8add24cbf3b0ee011969fd3c69e156f73c 161632 tomcat6-examples_6.0.28-2ubuntu1.6_all.deb a1dab38e292bfc3ad211597ae47e76e1ce6e3c36 515218 tomcat6-docs_6.0.28-2ubuntu1.6_all.deb Checksums-Sha256: 14edc3e6f507ec41da3bd1ceb8ca20786e0c0008be97d72a6428524923ab49dd 48242 tomcat6-common_6.0.28-2ubuntu1.6_all.deb 4e4e0f12bfe069ed291ba406c171f7fc50f4cec5edf2fc8b634a293f44506d04 33864 tomcat6_6.0.28-2ubuntu1.6_all.deb f5097ce830cb9d65a91450ea773d3a5fbc06a73000cc21db2ab97bd50aff1214 26940 tomcat6-user_6.0.28-2ubuntu1.6_all.deb 390a55d8d81c963b86a4b8665006c6f23c23811aa5fc74376be1a6289ff65f83 3033816 libtomcat6-java_6.0.28-2ubuntu1.6_all.deb a34d4358474f5b9a97e2b67bced778c32e94ffb2028ecde4cf621e4547cee351 192432 libservlet2.5-java_6.0.28-2ubuntu1.6_all.deb e776e04ab5d0f7ad049337588890c62ad1c6263111406f3f077bfc499e71df72 248764 libservlet2.5-java-doc_6.0.28-2ubuntu1.6_all.deb 778841a85b5e3ffb53f701de55302dc2e6a4b72c7dee4b825bc58645ec341dc3 43650 tomcat6-admin_6.0.28-2ubuntu1.6_all.deb 7bcd14b791040303bc293d3e9eb379311d8999901afb61d0c4193e266aa4bb6e 161632 tomcat6-examples_6.0.28-2ubuntu1.6_all.deb 76f88b3affd606714b1be39a6067471e12c79bbf0d6cf9fc3fa6d2daf1ce691d 515218 tomcat6-docs_6.0.28-2ubuntu1.6_all.deb Files: 9b768cc7b36c79b6c4ed0de9a74837a8 48242 java optional tomcat6-common_6.0.28-2ubuntu1.6_all.deb 868229bb611266896bb8d72bc38d9b77 33864 java optional tomcat6_6.0.28-2ubuntu1.6_all.deb 45fd5880e0dbccedbd29ac37a56755d8 26940 java optional tomcat6-user_6.0.28-2ubuntu1.6_all.deb 389416ba4ab21eda68ee0d7770fff2f9 3033816 java optional libtomcat6-java_6.0.28-2ubuntu1.6_all.deb 0ee4c720966ef2f14c90a684b8b9d05b 192432 java optional libservlet2.5-java_6.0.28-2ubuntu1.6_all.deb 53486cd4da5520f6178b2bcc770827a9 248764 doc optional libservlet2.5-java-doc_6.0.28-2ubuntu1.6_all.deb 60827e08e9d6ba7046361bbc4234e461 43650 java optional tomcat6-admin_6.0.28-2ubuntu1.6_all.deb 6d94cc813a46d0a677f780c4e103d4ba 161632 java optional tomcat6-examples_6.0.28-2ubuntu1.6_all.deb fe5b009321e68726c3a72f14942c6bc8 515218 doc optional tomcat6-docs_6.0.28-2ubuntu1.6_all.deb Original-Maintainer: Debian Java Maintainers