Format: 1.8 Date: Fri, 15 Mar 2013 15:40:27 -0700 Source: tomcat7 Binary: tomcat7-common tomcat7 tomcat7-user libtomcat7-java libservlet3.0-java libservlet3.0-java-doc tomcat7-admin tomcat7-examples tomcat7-docs Architecture: all Version: 7.0.21-1ubuntu0.1 Distribution: oneiric Urgency: low Maintainer: Ubuntu/amd64 Build Daemon Changed-By: Christian Kuersteiner Description: libservlet3.0-java - Servlet 3.0 and JSP 2.2 Java API classes libservlet3.0-java-doc - Servlet 3.0 and JSP 2.2 Java API documentation libtomcat7-java - Servlet and JSP engine -- core libraries tomcat7 - Servlet and JSP engine tomcat7-admin - Servlet and JSP engine -- admin web applications tomcat7-common - Servlet and JSP engine -- common files tomcat7-docs - Servlet and JSP engine -- documentation tomcat7-examples - Servlet and JSP engine -- example web applications tomcat7-user - Servlet and JSP engine -- tools to create user instances Launchpad-Bugs-Fixed: 1115053 Changes: tomcat7 (7.0.21-1ubuntu0.1) oneiric-security; urgency=low . [Christian Kuersteiner] * SECURITY UPDATE: Fix multiple vulnerabilities in Tomcat7 (LP: #1115053) - debian/patches/CVE-2012-0022.patch: Fix for Denial of service. Based on upstream patch. - CVE-2012-0022, CVE-2011-4858 - debian/patches/CVE-2011-3375.patch: Fix for information disclosure. Based on upstream patch. - CVE-2011-3375 - debian/patches/CVE-2011-3376.patch: Fix for privilege escalation. Based on upstream patch. - CVE-2011-3376 - debian/patches/CVE-2012-2733.patch: Fix for Apache Tomcat Denial of Service. Based on upstream patch. - CVE-2012-2733 - debian/patches/CVE-2012-3546.patch: Fix for bypass of security constraints. Based on upstream patch. - CVE-2012-3546 - debian/patches/CVE-2012-4431.patch: Fix for bypass of CSRF prevention filter. Based on upstream patch. - CVE-2012-4431 - debian/patches/CVE-2012-4534.patch: Fix for CVE-2012-4534 Denial of Service Vulnerability. Based on upstream patch. - CVE-2012-4534 - debian/patches/CVE-2012-3439.patch: Fix for DIGEST authentication weaknesses. Based on upstream patch. - CVE-2012-3439, CVE-2012-5885, CVE-2012-5886, 2012-5887 . [ Jamie Strandboge ] * allow for easily running the testsuite: - debian/control: add testsuite build-depends - debian/rules: + add 'testsuite' target + add ANT_TS_ARGS for use in the testsuite target + cleanup the testsuite - add debian/README.source for information on how to use the testsuite Checksums-Sha1: c8ce301d363ff8084025dacecbecee2c15ef8ca9 44754 tomcat7-common_7.0.21-1ubuntu0.1_all.deb 12398ccc1258e4b5e7708ddcc2dbb3ddfa910a71 38496 tomcat7_7.0.21-1ubuntu0.1_all.deb 3e67cb10c1d1a5a50f2dad67ed8f59d1a1863eb4 27758 tomcat7-user_7.0.21-1ubuntu0.1_all.deb 3c8c59c65c517ec75e4c6a2b251ff7653cbcbdcd 3360746 libtomcat7-java_7.0.21-1ubuntu0.1_all.deb 4ca29c18ebb23680157d80400e9ccf8e074b046c 291454 libservlet3.0-java_7.0.21-1ubuntu0.1_all.deb 4103f0550a52d03844d249ce59948014a08f7d21 286626 libservlet3.0-java-doc_7.0.21-1ubuntu0.1_all.deb e8ba4e07190e13098a4ff3026e2bbcb2d10e9b58 41256 tomcat7-admin_7.0.21-1ubuntu0.1_all.deb 97c3833c5064d3f99ed71434a3b9a11a01b9871c 170378 tomcat7-examples_7.0.21-1ubuntu0.1_all.deb 0c057b9f7f2ddd11942ec9cf271a24d369783451 596142 tomcat7-docs_7.0.21-1ubuntu0.1_all.deb Checksums-Sha256: 54ac629e3d6082b385c93bf59bd6a1f0016547da9e3e1145f97c507a78095d0a 44754 tomcat7-common_7.0.21-1ubuntu0.1_all.deb facd43d4bc50bb710b23373cc8d7dd5d494dc50f9ba5883e9fc941ba1f006917 38496 tomcat7_7.0.21-1ubuntu0.1_all.deb 42672826074bb5b550c098e756d9a5539478b4959c2f130a1d2a21ab8e3fbf8a 27758 tomcat7-user_7.0.21-1ubuntu0.1_all.deb d8e655451c7460233c81114f5cd439d73d804adefedb7419742bf3928bc68b11 3360746 libtomcat7-java_7.0.21-1ubuntu0.1_all.deb 798f9e0f27e27a07b76342f81a52b8368903c14291ffb04230ea82b5e7b24961 291454 libservlet3.0-java_7.0.21-1ubuntu0.1_all.deb 1ae3e803c393200a94c7d7064c6d6632be5834f310f62017825b6945b7779008 286626 libservlet3.0-java-doc_7.0.21-1ubuntu0.1_all.deb 7135167a78b51f80855b9d8f95d3f5bcc4280cddadf313dffa3d1262e1d73386 41256 tomcat7-admin_7.0.21-1ubuntu0.1_all.deb c48e88e28641e4346ab3b634b8cdfc004e5cc984444ed578c9adf700ef63b1e0 170378 tomcat7-examples_7.0.21-1ubuntu0.1_all.deb 63864795a46cc7b6d6d27a0be82ef6f00d3831377dbf5dc5e2124f076e7661ca 596142 tomcat7-docs_7.0.21-1ubuntu0.1_all.deb Files: aaa7641f47fef377c8628a5ab06c0be8 44754 java optional tomcat7-common_7.0.21-1ubuntu0.1_all.deb fd247d7b935997013b682c817a615a11 38496 java optional tomcat7_7.0.21-1ubuntu0.1_all.deb c59836c8576842df60f199a61d40b200 27758 java optional tomcat7-user_7.0.21-1ubuntu0.1_all.deb d59dcd6aee9210d5f0b85c8fab0c3a0e 3360746 java optional libtomcat7-java_7.0.21-1ubuntu0.1_all.deb 003d6c37cee19015e41f16d4bcdebf98 291454 java optional libservlet3.0-java_7.0.21-1ubuntu0.1_all.deb 363ac26511b5553c251252119314248d 286626 doc optional libservlet3.0-java-doc_7.0.21-1ubuntu0.1_all.deb 624800609e026636ad62cfd0181f920c 41256 java optional tomcat7-admin_7.0.21-1ubuntu0.1_all.deb fa4ed688d1e3e1df5235cc75a0060f95 170378 java optional tomcat7-examples_7.0.21-1ubuntu0.1_all.deb 1601ef90586340ebe30ae753c7e2cab1 596142 doc optional tomcat7-docs_7.0.21-1ubuntu0.1_all.deb Original-Maintainer: Debian Java Maintainers