Format: 1.8
Date: Wed, 29 Jun 2016 14:00:46 -0400
Source: tomcat6
Binary: tomcat6-common tomcat6 tomcat6-user libtomcat6-java libservlet2.5-java libservlet2.5-java-doc tomcat6-admin tomcat6-examples tomcat6-docs tomcat6-extras
Architecture: all i386_translations
Version: 6.0.35-1ubuntu3.7
Distribution: precise
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 libservlet2.5-java - Servlet 2.5 and JSP 2.1 Java API classes
 libservlet2.5-java-doc - Servlet 2.5 and JSP 2.1 Java API documentation
 libtomcat6-java - Servlet and JSP engine -- core libraries
 tomcat6 - Servlet and JSP engine
 tomcat6-admin - Servlet and JSP engine -- admin web applications
 tomcat6-common - Servlet and JSP engine -- common files
 tomcat6-docs - Servlet and JSP engine -- documentation
 tomcat6-examples - Servlet and JSP engine -- example web applications
 tomcat6-extras - Servlet and JSP engine -- additional components
 tomcat6-user - Servlet and JSP engine -- tools to create user instances
Changes:
 tomcat6 (6.0.35-1ubuntu3.7) precise-security; urgency=medium
 .
   * SECURITY UPDATE: directory traversal vulnerability in RequestUtil.java
     - debian/patches/CVE-2015-5174.patch: fix normalization edge cases in
       java/org/apache/tomcat/util/http/RequestUtil.java.
     - CVE-2015-5174
   * SECURITY UPDATE: information disclosure via redirects by mapper
     - debian/patches/CVE-2015-5345.patch: fix redirect logic in
       java/org/apache/catalina/Context.java,
       java/org/apache/catalina/authenticator/FormAuthenticator.java,
       java/org/apache/catalina/connector/MapperListener.java,
       java/org/apache/catalina/core/StandardContext.java,
       java/org/apache/catalina/core/mbeans-descriptors.xml,
       java/org/apache/catalina/servlets/DefaultServlet.java,
       java/org/apache/catalina/servlets/WebdavServlet.java,
       java/org/apache/tomcat/util/http/mapper/Mapper.java,
       webapps/docs/config/context.xml.
     - CVE-2015-5345
   * SECURITY UPDATE: securityManager restrictions bypass via
     StatusManagerServlet
     - debian/patches/CVE-2016-0706.patch: place servlet in restricted list
       in java/org/apache/catalina/core/RestrictedServlets.properties.
     - CVE-2016-0706
   * SECURITY UPDATE: securityManager restrictions bypass via
     session-persistence implementation
     - debian/patches/CVE-2016-0714.patch: extend the session attribute
       filtering options in
       java/org/apache/catalina/ha/session/mbeans-descriptors.xml,
       java/org/apache/catalina/session/LocalStrings.properties,
       java/org/apache/catalina/session/ManagerBase.java,
       java/org/apache/catalina/session/mbeans-descriptors.xml,
       webapps/docs/config/cluster-manager.xml,
       webapps/docs/config/manager.xml,
       java/org/apache/catalina/session/StandardManager.java,
       java/org/apache/catalina/util/CustomObjectInputStream.java.
     - CVE-2016-0714
   * SECURITY UPDATE: securityManager restrictions bypass via crafted global
     context
     - debian/patches/CVE-2016-0763.patch: protect initialization in
       java/org/apache/naming/factory/ResourceLinkFactory.java.
     - CVE-2016-0763
   * SECURITY UPDATE: denial of service in FileUpload
     - debian/patches/CVE-2016-3092.patch: properly handle size in
       java/org/apache/tomcat/util/http/fileupload/MultipartStream.java.
     - CVE-2016-3092
Original-Maintainer: Debian Java Maintainers