Update to Tomcat 6.0.18
Bug #260016 reported by
Thierry Carrez
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
tomcat6 (Ubuntu) | Fix Released | Wishlist | Unassigned | |
Bug Description
Binary package hint: tomcat6
Tomcat 6.0.18 was released on Jul 31 as a security release to fix CVE-2008-1232, CVE-2008-1947, CVE-2008-2370 and CVE-2008-2938.
There was, however, significant bugfix work for the (doa) 6.0.17 release. See the combined upstream changelog at:
http://
Changed in tomcat6:
assignee: nobody → tcarrez
importance: Undecided → Wishlist
status: New → In Progress
description: updated
Consolidated interdiff for simplified review
tomcat6 (6.0.18-0ubuntu1) intrepid; urgency=low
* New upstream version (LP: #260016)
- Fixes CVE-2008-2938: Directory traversal vulnerability (LP: #256802)
- Fixes CVE-2008-2370: Information disclosure vulnerability (LP: #256922)
- Fixes CVE-2008-1232: XSS through sendError vulnerability (LP: #256926)
* Dropped CVE-2008-1947.patch (fix is shipped in this upstream release)
* control: Improve short descriptions for the binary packages
* copyright: Added link to /usr/share/common-licenses/Apache-2.0