Format: 1.8 Date: Thu, 24 Mar 2011 10:10:09 -0400 Source: tomcat6 Binary: tomcat6-common tomcat6 tomcat6-user libtomcat6-java libservlet2.5-java libservlet2.5-java-doc tomcat6-admin tomcat6-examples tomcat6-docs Architecture: all Version: 6.0.28-2ubuntu1.2 Distribution: maverick Urgency: low Maintainer: Ubuntu/i386 Build Daemon Changed-By: Marc Deslauriers Description: libservlet2.5-java - Servlet 2.5 and JSP 2.1 Java API classes libservlet2.5-java-doc - Servlet 2.5 and JSP 2.1 Java API documentation libtomcat6-java - Servlet and JSP engine -- core libraries tomcat6 - Servlet and JSP engine tomcat6-admin - Servlet and JSP engine -- admin web applications tomcat6-common - Servlet and JSP engine -- common files tomcat6-docs - Servlet and JSP engine -- documentation tomcat6-examples - Servlet and JSP engine -- example web applications tomcat6-user - Servlet and JSP engine -- tools to create user instances Launchpad-Bugs-Fixed: 714239 717396 Changes: tomcat6 (6.0.28-2ubuntu1.2) maverick-security; urgency=low . * SECURITY UPDATE: directory traversal via incorrect ServetContext attribute (LP: #717396) - debian/patches/0012-CVE-2010-3718.patch: mark as read only in java/org/apache/catalina/core/StandardContext.java. - CVE-2010-3718 * SECURITY UPDATE: cross-site scripting in HTML Manager interface - debian/patches/0013-CVE-2011-0013.patch: properly filter values in java/org/apache/catalina/manager/{HTMLManagerServlet.java, StatusTransformer.java}. - CVE-2011-0013 * SECURITY UPDATE: denial of service via NIOS HTTP connector (LP: #714239, LP: #717396) - debian/patches/0014-CVE-2011-0534.patch: enforce proper size in java/org/apache/coyote/http11/InternalNioInputBuffer.java. - CVE-2011-0534 Checksums-Sha1: 2228c9c949699fdac492aa8ff5d7fa11d73dc561 47558 tomcat6-common_6.0.28-2ubuntu1.2_all.deb 6f26394119c4bbb1472c96c7715ebbede1a33a75 33088 tomcat6_6.0.28-2ubuntu1.2_all.deb d05ee563ffefc9d9a544baf9192bc5bfa34d003c 26196 tomcat6-user_6.0.28-2ubuntu1.2_all.deb 1bceee54e0f3302ca1b97106f7a2577d54e036c6 3025748 libtomcat6-java_6.0.28-2ubuntu1.2_all.deb 0098d6484bba8e38ca898c81cf32015300dce5aa 191768 libservlet2.5-java_6.0.28-2ubuntu1.2_all.deb 639760420bc6b3bc84dee2c2de8cc82f293a0e2a 248152 libservlet2.5-java-doc_6.0.28-2ubuntu1.2_all.deb 3107968dade25d8fd0a2067ad39e2d39a8d41f5f 42910 tomcat6-admin_6.0.28-2ubuntu1.2_all.deb c487c8e64d07724400b96587eac6e1a111375832 161072 tomcat6-examples_6.0.28-2ubuntu1.2_all.deb 8919b34dc9ce5f7dc9d7dd36747e7ecb1e72a556 514046 tomcat6-docs_6.0.28-2ubuntu1.2_all.deb Checksums-Sha256: 428c85010cb8e17f7376cc5369b5496e46899f4a6a23ea0da89a0719a04f116c 47558 tomcat6-common_6.0.28-2ubuntu1.2_all.deb f4eca7449b12b18b6bdcfbb471f3bc954834243d3873dcbfe337c183036fade8 33088 tomcat6_6.0.28-2ubuntu1.2_all.deb ae18b875cfb79f9bff729b65da5a2e1adfb23f519b5f67d22b7dcf88b1ca3922 26196 tomcat6-user_6.0.28-2ubuntu1.2_all.deb e04acd8f0de8be02cefd8115881460cef3612c52082dd34f480c89dd213b7a92 3025748 libtomcat6-java_6.0.28-2ubuntu1.2_all.deb 0f90a2a7a7652df94193837cd5ce28c5c6f71003904190a703e48ee5f8b93530 191768 libservlet2.5-java_6.0.28-2ubuntu1.2_all.deb 4a36187258fa4c4062975dd6ae7da4008b2b7e4a80b0c53ceb111a91203bbe87 248152 libservlet2.5-java-doc_6.0.28-2ubuntu1.2_all.deb 5ece476b22e02e10c47ef9f7c38ed48721f8f909022a87a3ad685da2885dcc4c 42910 tomcat6-admin_6.0.28-2ubuntu1.2_all.deb 4fa420fc873b39f746e48cf4ac86b2a13b529af47ed3ea106bba69c260a286af 161072 tomcat6-examples_6.0.28-2ubuntu1.2_all.deb 89bdc7d8009bc5ca4d09eef7a0e90ac417c565ba085748efc233664fa4923f36 514046 tomcat6-docs_6.0.28-2ubuntu1.2_all.deb Files: f5e5851d790a889592ec76e39553a9a7 47558 java optional tomcat6-common_6.0.28-2ubuntu1.2_all.deb 1dbe58b7fda5951c3192f57671cb54bb 33088 java optional tomcat6_6.0.28-2ubuntu1.2_all.deb cf4d5b3b1f61f30fe244cc51d11f1c10 26196 java optional tomcat6-user_6.0.28-2ubuntu1.2_all.deb 2a472cf2b6cb4db888267bc0929d6bf3 3025748 java optional libtomcat6-java_6.0.28-2ubuntu1.2_all.deb 6825151048eb76f3e689a544c8556b02 191768 java optional libservlet2.5-java_6.0.28-2ubuntu1.2_all.deb d369aba28ffd0f4915cdfa5df802e8b2 248152 doc optional libservlet2.5-java-doc_6.0.28-2ubuntu1.2_all.deb 2ece5f8876f3af69148d6e43fc76d5d5 42910 java optional tomcat6-admin_6.0.28-2ubuntu1.2_all.deb ce091b828050a221a1b79665a3e36e9b 161072 java optional tomcat6-examples_6.0.28-2ubuntu1.2_all.deb 759531246db94fed8d60aa3acf875e9a 514046 doc optional tomcat6-docs_6.0.28-2ubuntu1.2_all.deb Original-Maintainer: Debian Java Maintainers