View Bazaar branches
Get this repository:
git clone https://git.launchpad.net/ubuntu/+source/tomcat6
Members of Ubuntu Server Dev import team can upload to this repository. Log in for directions.

Branches

Name Last Modified Last Commit
applied/ubuntu/oneiric-proposed 2012-01-26 16:34:39 UTC 2012-01-26
Import patches-applied version 6.0.32-5ubuntu1.2 to applied/ubuntu/oneiric-pr...

Author: Marc Deslauriers
Author Date: 2012-01-25 14:00:23 UTC

Import patches-applied version 6.0.32-5ubuntu1.2 to applied/ubuntu/oneiric-proposed

Imported using git-ubuntu import.

Changelog parent: 2a71a3d7de92756570b59b4e3d2bef4fdc08b2fa
Unapplied parent: d906b062ba36423346cb2fa7231d6260c466ef15

New changelog entries:
  * SECURITY UPDATE: cross-request information leakage
    - debian/patches/0016-CVE-2011-3375.patch: ensure that the request and
      response objects are recycled after being re-populated in
      java/org/apache/catalina/connector/CoyoteAdapter.java,
      java/org/apache/coyote/ajp/AjpAprProcessor.java,
      java/org/apache/coyote/ajp/AjpProcessor.java,
      java/org/apache/coyote/http11/Http11AprProcessor.java,
      java/org/apache/coyote/http11/Http11NioProcessor.java,
      java/org/apache/coyote/http11/Http11Processor.java.
    - CVE-2011-3375
  * SECURITY UPDATE: denial of service via hash collision and incorrect
    handling of large numbers of parameters and parameter values
    (LP: #909828)
    - debian/patches/0017-CVE-2012-0022.patch: refactor parameter handling
      code in conf/web.xml,
      java/org/apache/catalina/connector/Connector.java,
      java/org/apache/catalina/connector/mbeans-descriptors.xml,
      java/org/apache/catalina/connector/Request.java,
      java/org/apache/catalina/filters/FilterBase.java,
      java/org/apache/catalina/filters/FailedRequestFilter.java,
      java/org/apache/catalina/Globals.java,
      java/org/apache/coyote/Request.java,
      java/org/apache/tomcat/util/buf/B2CConverter.java,
      java/org/apache/tomcat/util/buf/ByteChunk.java,
      java/org/apache/tomcat/util/buf/MessageBytes.java,
      java/org/apache/tomcat/util/buf/StringCache.java,
      java/org/apache/tomcat/util/http/LocalStrings.properties,
      java/org/apache/tomcat/util/http/Parameters.java,
      webapps/docs/config/ajp.xml,
      webapps/docs/config/filter.xml,
      webapps/docs/config/http.xml.
    - CVE-2011-4858
    - CVE-2012-0022

ubuntu/natty-proposed 2012-01-26 16:34:39 UTC 2012-01-26
Import patches-unapplied version 6.0.28-10ubuntu2.3 to ubuntu/natty-proposed

Author: Marc Deslauriers
Author Date: 2012-01-25 18:42:23 UTC

Import patches-unapplied version 6.0.28-10ubuntu2.3 to ubuntu/natty-proposed

Imported using git-ubuntu import.

Changelog parent: d6e04c0d430782b052e3f7772ca95caacaa0531d

New changelog entries:
  * SECURITY UPDATE: denial of service via hash collision and incorrect
    handling of large numbers of parameters and parameter values
    (LP: #909828)
    - debian/patches/0019-CVE-2012-0022.patch: refactor parameter handling
      code in conf/web.xml,
      java/org/apache/catalina/connector/Connector.java,
      java/org/apache/catalina/connector/mbeans-descriptors.xml,
      java/org/apache/catalina/connector/Request.java,
      java/org/apache/catalina/filters/FailedRequestFilter.java,
      java/org/apache/catalina/Globals.java,
      java/org/apache/coyote/Request.java,
      java/org/apache/tomcat/util/buf/B2CConverter.java,
      java/org/apache/tomcat/util/buf/ByteChunk.java,
      java/org/apache/tomcat/util/buf/MessageBytes.java,
      java/org/apache/tomcat/util/buf/StringCache.java,
      java/org/apache/tomcat/util/http/LocalStrings.properties,
      java/org/apache/tomcat/util/http/Parameters.java,
      webapps/docs/config/ajp.xml,
      webapps/docs/config/http.xml.
    - CVE-2011-4858
    - CVE-2012-0022

ubuntu/maverick-updates 2012-01-26 16:34:39 UTC 2012-01-26
Import patches-unapplied version 6.0.28-2ubuntu1.6 to ubuntu/maverick-proposed

Author: Marc Deslauriers
Author Date: 2012-01-25 19:09:00 UTC

Import patches-unapplied version 6.0.28-2ubuntu1.6 to ubuntu/maverick-proposed

Imported using git-ubuntu import.

Changelog parent: 3b23222785b5ac4fa0bbfb853e3be463dcc4a61b

New changelog entries:
  * SECURITY UPDATE: denial of service via hash collision and incorrect
    handling of large numbers of parameters and parameter values
    (LP: #909828)
    - debian/patches/0019-CVE-2012-0022.patch: refactor parameter handling
      code in conf/web.xml,
      java/org/apache/catalina/connector/Connector.java,
      java/org/apache/catalina/connector/mbeans-descriptors.xml,
      java/org/apache/catalina/connector/Request.java,
      java/org/apache/catalina/filters/FailedRequestFilter.java,
      java/org/apache/catalina/Globals.java,
      java/org/apache/coyote/Request.java,
      java/org/apache/tomcat/util/buf/B2CConverter.java,
      java/org/apache/tomcat/util/buf/ByteChunk.java,
      java/org/apache/tomcat/util/buf/MessageBytes.java,
      java/org/apache/tomcat/util/buf/StringCache.java,
      java/org/apache/tomcat/util/http/LocalStrings.properties,
      java/org/apache/tomcat/util/http/Parameters.java,
      webapps/docs/config/ajp.xml,
      webapps/docs/config/http.xml.
    - CVE-2011-4858
    - CVE-2012-0022

applied/ubuntu/natty-updates 2012-01-26 16:34:39 UTC 2012-01-26
Import patches-applied version 6.0.28-10ubuntu2.3 to applied/ubuntu/natty-pro...

Author: Marc Deslauriers
Author Date: 2012-01-25 18:42:23 UTC

Import patches-applied version 6.0.28-10ubuntu2.3 to applied/ubuntu/natty-proposed

Imported using git-ubuntu import.

Changelog parent: 7fe876485b21469a46c53793cdfe5db73beb5c49
Unapplied parent: fca4c0455289503b132d688c863ad4218cd16064

New changelog entries:
  * SECURITY UPDATE: denial of service via hash collision and incorrect
    handling of large numbers of parameters and parameter values
    (LP: #909828)
    - debian/patches/0019-CVE-2012-0022.patch: refactor parameter handling
      code in conf/web.xml,
      java/org/apache/catalina/connector/Connector.java,
      java/org/apache/catalina/connector/mbeans-descriptors.xml,
      java/org/apache/catalina/connector/Request.java,
      java/org/apache/catalina/filters/FailedRequestFilter.java,
      java/org/apache/catalina/Globals.java,
      java/org/apache/coyote/Request.java,
      java/org/apache/tomcat/util/buf/B2CConverter.java,
      java/org/apache/tomcat/util/buf/ByteChunk.java,
      java/org/apache/tomcat/util/buf/MessageBytes.java,
      java/org/apache/tomcat/util/buf/StringCache.java,
      java/org/apache/tomcat/util/http/LocalStrings.properties,
      java/org/apache/tomcat/util/http/Parameters.java,
      webapps/docs/config/ajp.xml,
      webapps/docs/config/http.xml.
    - CVE-2011-4858
    - CVE-2012-0022

ubuntu/natty-devel 2012-01-26 16:34:39 UTC 2012-01-26
Import patches-unapplied version 6.0.28-10ubuntu2.3 to ubuntu/natty-proposed

Author: Marc Deslauriers
Author Date: 2012-01-25 18:42:23 UTC

Import patches-unapplied version 6.0.28-10ubuntu2.3 to ubuntu/natty-proposed

Imported using git-ubuntu import.

Changelog parent: d6e04c0d430782b052e3f7772ca95caacaa0531d

New changelog entries:
  * SECURITY UPDATE: denial of service via hash collision and incorrect
    handling of large numbers of parameters and parameter values
    (LP: #909828)
    - debian/patches/0019-CVE-2012-0022.patch: refactor parameter handling
      code in conf/web.xml,
      java/org/apache/catalina/connector/Connector.java,
      java/org/apache/catalina/connector/mbeans-descriptors.xml,
      java/org/apache/catalina/connector/Request.java,
      java/org/apache/catalina/filters/FailedRequestFilter.java,
      java/org/apache/catalina/Globals.java,
      java/org/apache/coyote/Request.java,
      java/org/apache/tomcat/util/buf/B2CConverter.java,
      java/org/apache/tomcat/util/buf/ByteChunk.java,
      java/org/apache/tomcat/util/buf/MessageBytes.java,
      java/org/apache/tomcat/util/buf/StringCache.java,
      java/org/apache/tomcat/util/http/LocalStrings.properties,
      java/org/apache/tomcat/util/http/Parameters.java,
      webapps/docs/config/ajp.xml,
      webapps/docs/config/http.xml.
    - CVE-2011-4858
    - CVE-2012-0022

ubuntu/natty-updates 2012-01-26 16:34:39 UTC 2012-01-26
Import patches-unapplied version 6.0.28-10ubuntu2.3 to ubuntu/natty-proposed

Author: Marc Deslauriers
Author Date: 2012-01-25 18:42:23 UTC

Import patches-unapplied version 6.0.28-10ubuntu2.3 to ubuntu/natty-proposed

Imported using git-ubuntu import.

Changelog parent: d6e04c0d430782b052e3f7772ca95caacaa0531d

New changelog entries:
  * SECURITY UPDATE: denial of service via hash collision and incorrect
    handling of large numbers of parameters and parameter values
    (LP: #909828)
    - debian/patches/0019-CVE-2012-0022.patch: refactor parameter handling
      code in conf/web.xml,
      java/org/apache/catalina/connector/Connector.java,
      java/org/apache/catalina/connector/mbeans-descriptors.xml,
      java/org/apache/catalina/connector/Request.java,
      java/org/apache/catalina/filters/FailedRequestFilter.java,
      java/org/apache/catalina/Globals.java,
      java/org/apache/coyote/Request.java,
      java/org/apache/tomcat/util/buf/B2CConverter.java,
      java/org/apache/tomcat/util/buf/ByteChunk.java,
      java/org/apache/tomcat/util/buf/MessageBytes.java,
      java/org/apache/tomcat/util/buf/StringCache.java,
      java/org/apache/tomcat/util/http/LocalStrings.properties,
      java/org/apache/tomcat/util/http/Parameters.java,
      webapps/docs/config/ajp.xml,
      webapps/docs/config/http.xml.
    - CVE-2011-4858
    - CVE-2012-0022

applied/ubuntu/natty-proposed 2012-01-26 16:34:39 UTC 2012-01-26
Import patches-applied version 6.0.28-10ubuntu2.3 to applied/ubuntu/natty-pro...

Author: Marc Deslauriers
Author Date: 2012-01-25 18:42:23 UTC

Import patches-applied version 6.0.28-10ubuntu2.3 to applied/ubuntu/natty-proposed

Imported using git-ubuntu import.

Changelog parent: 7fe876485b21469a46c53793cdfe5db73beb5c49
Unapplied parent: fca4c0455289503b132d688c863ad4218cd16064

New changelog entries:
  * SECURITY UPDATE: denial of service via hash collision and incorrect
    handling of large numbers of parameters and parameter values
    (LP: #909828)
    - debian/patches/0019-CVE-2012-0022.patch: refactor parameter handling
      code in conf/web.xml,
      java/org/apache/catalina/connector/Connector.java,
      java/org/apache/catalina/connector/mbeans-descriptors.xml,
      java/org/apache/catalina/connector/Request.java,
      java/org/apache/catalina/filters/FailedRequestFilter.java,
      java/org/apache/catalina/Globals.java,
      java/org/apache/coyote/Request.java,
      java/org/apache/tomcat/util/buf/B2CConverter.java,
      java/org/apache/tomcat/util/buf/ByteChunk.java,
      java/org/apache/tomcat/util/buf/MessageBytes.java,
      java/org/apache/tomcat/util/buf/StringCache.java,
      java/org/apache/tomcat/util/http/LocalStrings.properties,
      java/org/apache/tomcat/util/http/Parameters.java,
      webapps/docs/config/ajp.xml,
      webapps/docs/config/http.xml.
    - CVE-2011-4858
    - CVE-2012-0022

applied/ubuntu/natty-security 2012-01-26 16:34:39 UTC 2012-01-26
Import patches-applied version 6.0.28-10ubuntu2.3 to applied/ubuntu/natty-pro...

Author: Marc Deslauriers
Author Date: 2012-01-25 18:42:23 UTC

Import patches-applied version 6.0.28-10ubuntu2.3 to applied/ubuntu/natty-proposed

Imported using git-ubuntu import.

Changelog parent: 7fe876485b21469a46c53793cdfe5db73beb5c49
Unapplied parent: fca4c0455289503b132d688c863ad4218cd16064

New changelog entries:
  * SECURITY UPDATE: denial of service via hash collision and incorrect
    handling of large numbers of parameters and parameter values
    (LP: #909828)
    - debian/patches/0019-CVE-2012-0022.patch: refactor parameter handling
      code in conf/web.xml,
      java/org/apache/catalina/connector/Connector.java,
      java/org/apache/catalina/connector/mbeans-descriptors.xml,
      java/org/apache/catalina/connector/Request.java,
      java/org/apache/catalina/filters/FailedRequestFilter.java,
      java/org/apache/catalina/Globals.java,
      java/org/apache/coyote/Request.java,
      java/org/apache/tomcat/util/buf/B2CConverter.java,
      java/org/apache/tomcat/util/buf/ByteChunk.java,
      java/org/apache/tomcat/util/buf/MessageBytes.java,
      java/org/apache/tomcat/util/buf/StringCache.java,
      java/org/apache/tomcat/util/http/LocalStrings.properties,
      java/org/apache/tomcat/util/http/Parameters.java,
      webapps/docs/config/ajp.xml,
      webapps/docs/config/http.xml.
    - CVE-2011-4858
    - CVE-2012-0022

ubuntu/oneiric-proposed 2012-01-26 16:34:39 UTC 2012-01-26
Import patches-unapplied version 6.0.32-5ubuntu1.2 to ubuntu/oneiric-proposed

Author: Marc Deslauriers
Author Date: 2012-01-25 14:00:23 UTC

Import patches-unapplied version 6.0.32-5ubuntu1.2 to ubuntu/oneiric-proposed

Imported using git-ubuntu import.

Changelog parent: 20bc1ca541763a28ed27b504f978caae11bbfff1

New changelog entries:
  * SECURITY UPDATE: cross-request information leakage
    - debian/patches/0016-CVE-2011-3375.patch: ensure that the request and
      response objects are recycled after being re-populated in
      java/org/apache/catalina/connector/CoyoteAdapter.java,
      java/org/apache/coyote/ajp/AjpAprProcessor.java,
      java/org/apache/coyote/ajp/AjpProcessor.java,
      java/org/apache/coyote/http11/Http11AprProcessor.java,
      java/org/apache/coyote/http11/Http11NioProcessor.java,
      java/org/apache/coyote/http11/Http11Processor.java.
    - CVE-2011-3375
  * SECURITY UPDATE: denial of service via hash collision and incorrect
    handling of large numbers of parameters and parameter values
    (LP: #909828)
    - debian/patches/0017-CVE-2012-0022.patch: refactor parameter handling
      code in conf/web.xml,
      java/org/apache/catalina/connector/Connector.java,
      java/org/apache/catalina/connector/mbeans-descriptors.xml,
      java/org/apache/catalina/connector/Request.java,
      java/org/apache/catalina/filters/FilterBase.java,
      java/org/apache/catalina/filters/FailedRequestFilter.java,
      java/org/apache/catalina/Globals.java,
      java/org/apache/coyote/Request.java,
      java/org/apache/tomcat/util/buf/B2CConverter.java,
      java/org/apache/tomcat/util/buf/ByteChunk.java,
      java/org/apache/tomcat/util/buf/MessageBytes.java,
      java/org/apache/tomcat/util/buf/StringCache.java,
      java/org/apache/tomcat/util/http/LocalStrings.properties,
      java/org/apache/tomcat/util/http/Parameters.java,
      webapps/docs/config/ajp.xml,
      webapps/docs/config/filter.xml,
      webapps/docs/config/http.xml.
    - CVE-2011-4858
    - CVE-2012-0022

ubuntu/maverick-devel 2012-01-26 16:34:39 UTC 2012-01-26
Import patches-unapplied version 6.0.28-2ubuntu1.6 to ubuntu/maverick-proposed

Author: Marc Deslauriers
Author Date: 2012-01-25 19:09:00 UTC

Import patches-unapplied version 6.0.28-2ubuntu1.6 to ubuntu/maverick-proposed

Imported using git-ubuntu import.

Changelog parent: 3b23222785b5ac4fa0bbfb853e3be463dcc4a61b

New changelog entries:
  * SECURITY UPDATE: denial of service via hash collision and incorrect
    handling of large numbers of parameters and parameter values
    (LP: #909828)
    - debian/patches/0019-CVE-2012-0022.patch: refactor parameter handling
      code in conf/web.xml,
      java/org/apache/catalina/connector/Connector.java,
      java/org/apache/catalina/connector/mbeans-descriptors.xml,
      java/org/apache/catalina/connector/Request.java,
      java/org/apache/catalina/filters/FailedRequestFilter.java,
      java/org/apache/catalina/Globals.java,
      java/org/apache/coyote/Request.java,
      java/org/apache/tomcat/util/buf/B2CConverter.java,
      java/org/apache/tomcat/util/buf/ByteChunk.java,
      java/org/apache/tomcat/util/buf/MessageBytes.java,
      java/org/apache/tomcat/util/buf/StringCache.java,
      java/org/apache/tomcat/util/http/LocalStrings.properties,
      java/org/apache/tomcat/util/http/Parameters.java,
      webapps/docs/config/ajp.xml,
      webapps/docs/config/http.xml.
    - CVE-2011-4858
    - CVE-2012-0022

ubuntu/maverick-proposed 2012-01-26 16:34:39 UTC 2012-01-26
Import patches-unapplied version 6.0.28-2ubuntu1.6 to ubuntu/maverick-proposed

Author: Marc Deslauriers
Author Date: 2012-01-25 19:09:00 UTC

Import patches-unapplied version 6.0.28-2ubuntu1.6 to ubuntu/maverick-proposed

Imported using git-ubuntu import.

Changelog parent: 3b23222785b5ac4fa0bbfb853e3be463dcc4a61b

New changelog entries:
  * SECURITY UPDATE: denial of service via hash collision and incorrect
    handling of large numbers of parameters and parameter values
    (LP: #909828)
    - debian/patches/0019-CVE-2012-0022.patch: refactor parameter handling
      code in conf/web.xml,
      java/org/apache/catalina/connector/Connector.java,
      java/org/apache/catalina/connector/mbeans-descriptors.xml,
      java/org/apache/catalina/connector/Request.java,
      java/org/apache/catalina/filters/FailedRequestFilter.java,
      java/org/apache/catalina/Globals.java,
      java/org/apache/coyote/Request.java,
      java/org/apache/tomcat/util/buf/B2CConverter.java,
      java/org/apache/tomcat/util/buf/ByteChunk.java,
      java/org/apache/tomcat/util/buf/MessageBytes.java,
      java/org/apache/tomcat/util/buf/StringCache.java,
      java/org/apache/tomcat/util/http/LocalStrings.properties,
      java/org/apache/tomcat/util/http/Parameters.java,
      webapps/docs/config/ajp.xml,
      webapps/docs/config/http.xml.
    - CVE-2011-4858
    - CVE-2012-0022

ubuntu/maverick-security 2012-01-26 16:34:39 UTC 2012-01-26
Import patches-unapplied version 6.0.28-2ubuntu1.6 to ubuntu/maverick-proposed

Author: Marc Deslauriers
Author Date: 2012-01-25 19:09:00 UTC

Import patches-unapplied version 6.0.28-2ubuntu1.6 to ubuntu/maverick-proposed

Imported using git-ubuntu import.

Changelog parent: 3b23222785b5ac4fa0bbfb853e3be463dcc4a61b

New changelog entries:
  * SECURITY UPDATE: denial of service via hash collision and incorrect
    handling of large numbers of parameters and parameter values
    (LP: #909828)
    - debian/patches/0019-CVE-2012-0022.patch: refactor parameter handling
      code in conf/web.xml,
      java/org/apache/catalina/connector/Connector.java,
      java/org/apache/catalina/connector/mbeans-descriptors.xml,
      java/org/apache/catalina/connector/Request.java,
      java/org/apache/catalina/filters/FailedRequestFilter.java,
      java/org/apache/catalina/Globals.java,
      java/org/apache/coyote/Request.java,
      java/org/apache/tomcat/util/buf/B2CConverter.java,
      java/org/apache/tomcat/util/buf/ByteChunk.java,
      java/org/apache/tomcat/util/buf/MessageBytes.java,
      java/org/apache/tomcat/util/buf/StringCache.java,
      java/org/apache/tomcat/util/http/LocalStrings.properties,
      java/org/apache/tomcat/util/http/Parameters.java,
      webapps/docs/config/ajp.xml,
      webapps/docs/config/http.xml.
    - CVE-2011-4858
    - CVE-2012-0022

applied/ubuntu/lucid-proposed 2012-01-26 15:33:58 UTC 2012-01-26
Import patches-applied version 6.0.24-2ubuntu1.10 to applied/ubuntu/lucid-pro...

Author: Marc Deslauriers
Author Date: 2012-01-25 19:35:46 UTC

Import patches-applied version 6.0.24-2ubuntu1.10 to applied/ubuntu/lucid-proposed

Imported using git-ubuntu import.

Changelog parent: 1e9ae04a91d375bd0d388a711261cb9dd4ca96ab
Unapplied parent: c0b530a2f84ceebcc18c7941bd360c60e4dd1fbe

New changelog entries:
  * SECURITY UPDATE: denial of service via hash collision and incorrect
    handling of large numbers of parameters and parameter values
    (LP: #909828)
    - debian/patches/0019-CVE-2012-0022.patch: refactor parameter handling
      code in conf/web.xml,
      java/org/apache/catalina/connector/Connector.java,
      java/org/apache/catalina/connector/mbeans-descriptors.xml,
      java/org/apache/catalina/connector/Request.java,
      java/org/apache/catalina/filters/FailedRequestFilter.java,
      java/org/apache/catalina/Globals.java,
      java/org/apache/coyote/Request.java,
      java/org/apache/tomcat/util/buf/B2CConverter.java,
      java/org/apache/tomcat/util/buf/ByteChunk.java,
      java/org/apache/tomcat/util/buf/MessageBytes.java,
      java/org/apache/tomcat/util/buf/StringCache.java,
      java/org/apache/tomcat/util/http/LocalStrings.properties,
      java/org/apache/tomcat/util/http/Parameters.java,
      webapps/docs/config/ajp.xml,
      webapps/docs/config/http.xml.
    - CVE-2011-4858
    - CVE-2012-0022

ubuntu/lucid-proposed 2012-01-26 15:33:58 UTC 2012-01-26
Import patches-unapplied version 6.0.24-2ubuntu1.10 to ubuntu/lucid-proposed

Author: Marc Deslauriers
Author Date: 2012-01-25 19:35:46 UTC

Import patches-unapplied version 6.0.24-2ubuntu1.10 to ubuntu/lucid-proposed

Imported using git-ubuntu import.

Changelog parent: 3e2f89f94be90cbbc6ddc0b698c565b4a13d9191

New changelog entries:
  * SECURITY UPDATE: denial of service via hash collision and incorrect
    handling of large numbers of parameters and parameter values
    (LP: #909828)
    - debian/patches/0019-CVE-2012-0022.patch: refactor parameter handling
      code in conf/web.xml,
      java/org/apache/catalina/connector/Connector.java,
      java/org/apache/catalina/connector/mbeans-descriptors.xml,
      java/org/apache/catalina/connector/Request.java,
      java/org/apache/catalina/filters/FailedRequestFilter.java,
      java/org/apache/catalina/Globals.java,
      java/org/apache/coyote/Request.java,
      java/org/apache/tomcat/util/buf/B2CConverter.java,
      java/org/apache/tomcat/util/buf/ByteChunk.java,
      java/org/apache/tomcat/util/buf/MessageBytes.java,
      java/org/apache/tomcat/util/buf/StringCache.java,
      java/org/apache/tomcat/util/http/LocalStrings.properties,
      java/org/apache/tomcat/util/http/Parameters.java,
      webapps/docs/config/ajp.xml,
      webapps/docs/config/http.xml.
    - CVE-2011-4858
    - CVE-2012-0022

applied/ubuntu/oneiric 2011-09-15 10:04:51 UTC 2011-09-15
Import patches-applied version 6.0.32-5ubuntu1 to applied/ubuntu/oneiric

Author: James Page
Author Date: 2011-09-08 13:45:34 UTC

Import patches-applied version 6.0.32-5ubuntu1 to applied/ubuntu/oneiric

Imported using git-ubuntu import.

Changelog parent: 66ea98eace29ba7aea0634aac335b59491863916
Unapplied parent: 5e64f11d4d368449ca9dc4b876f16f44be474e11

New changelog entries:
  * Added patch for CVE-2011-3190 (LP: #843701).

ubuntu/oneiric 2011-09-15 10:04:51 UTC 2011-09-15
Import patches-unapplied version 6.0.32-5ubuntu1 to ubuntu/oneiric

Author: James Page
Author Date: 2011-09-08 13:45:34 UTC

Import patches-unapplied version 6.0.32-5ubuntu1 to ubuntu/oneiric

Imported using git-ubuntu import.

Changelog parent: be9c309ec65e1edd53c0c78e7bdb7ae42d7d0d4d

New changelog entries:
  * Added patch for CVE-2011-3190 (LP: #843701).

applied/ubuntu/karmic-devel 2011-03-29 17:08:03 UTC 2011-03-29
Import patches-applied version 6.0.20-2ubuntu2.4 to applied/ubuntu/karmic-sec...

Author: Marc Deslauriers
Author Date: 2011-03-24 17:58:06 UTC

Import patches-applied version 6.0.20-2ubuntu2.4 to applied/ubuntu/karmic-security

Imported using git-ubuntu import.

Changelog parent: e5909fbea5fe925f858fc6f522a8ff2fced77be6
Unapplied parent: 3b43cea9cd5928f5bdebf13ef751d2c751575ef2

New changelog entries:
  * SECURITY UPDATE: directory traversal via incorrect ServetContext
    attribute (LP: #717396)
    - debian/patches/0012-CVE-2010-3718.patch: mark as read only in
      java/org/apache/catalina/core/StandardContext.java.
    - CVE-2010-3718
  * SECURITY UPDATE: cross-site scripting in HTML Manager interface
    - debian/patches/0013-CVE-2011-0013.patch: properly filter values in
      java/org/apache/catalina/manager/{HTMLManagerServlet.java,
      StatusTransformer.java}.
    - CVE-2011-0013
  * SECURITY UPDATE: denial of service via NIOS HTTP connector
    (LP: #714239, LP: #717396)
    - debian/patches/0014-CVE-2011-0534.patch: enforce proper size in
      java/org/apache/coyote/http11/InternalNioInputBuffer.java.
    - CVE-2011-0534

applied/ubuntu/karmic-security 2011-03-29 17:08:03 UTC 2011-03-29
Import patches-applied version 6.0.20-2ubuntu2.4 to applied/ubuntu/karmic-sec...

Author: Marc Deslauriers
Author Date: 2011-03-24 17:58:06 UTC

Import patches-applied version 6.0.20-2ubuntu2.4 to applied/ubuntu/karmic-security

Imported using git-ubuntu import.

Changelog parent: e5909fbea5fe925f858fc6f522a8ff2fced77be6
Unapplied parent: 3b43cea9cd5928f5bdebf13ef751d2c751575ef2

New changelog entries:
  * SECURITY UPDATE: directory traversal via incorrect ServetContext
    attribute (LP: #717396)
    - debian/patches/0012-CVE-2010-3718.patch: mark as read only in
      java/org/apache/catalina/core/StandardContext.java.
    - CVE-2010-3718
  * SECURITY UPDATE: cross-site scripting in HTML Manager interface
    - debian/patches/0013-CVE-2011-0013.patch: properly filter values in
      java/org/apache/catalina/manager/{HTMLManagerServlet.java,
      StatusTransformer.java}.
    - CVE-2011-0013
  * SECURITY UPDATE: denial of service via NIOS HTTP connector
    (LP: #714239, LP: #717396)
    - debian/patches/0014-CVE-2011-0534.patch: enforce proper size in
      java/org/apache/coyote/http11/InternalNioInputBuffer.java.
    - CVE-2011-0534

applied/ubuntu/karmic-updates 2011-03-29 17:08:03 UTC 2011-03-29
Import patches-applied version 6.0.20-2ubuntu2.4 to applied/ubuntu/karmic-sec...

Author: Marc Deslauriers
Author Date: 2011-03-24 17:58:06 UTC

Import patches-applied version 6.0.20-2ubuntu2.4 to applied/ubuntu/karmic-security

Imported using git-ubuntu import.

Changelog parent: e5909fbea5fe925f858fc6f522a8ff2fced77be6
Unapplied parent: 3b43cea9cd5928f5bdebf13ef751d2c751575ef2

New changelog entries:
  * SECURITY UPDATE: directory traversal via incorrect ServetContext
    attribute (LP: #717396)
    - debian/patches/0012-CVE-2010-3718.patch: mark as read only in
      java/org/apache/catalina/core/StandardContext.java.
    - CVE-2010-3718
  * SECURITY UPDATE: cross-site scripting in HTML Manager interface
    - debian/patches/0013-CVE-2011-0013.patch: properly filter values in
      java/org/apache/catalina/manager/{HTMLManagerServlet.java,
      StatusTransformer.java}.
    - CVE-2011-0013
  * SECURITY UPDATE: denial of service via NIOS HTTP connector
    (LP: #714239, LP: #717396)
    - debian/patches/0014-CVE-2011-0534.patch: enforce proper size in
      java/org/apache/coyote/http11/InternalNioInputBuffer.java.
    - CVE-2011-0534

ubuntu/karmic-devel 2011-03-29 17:08:03 UTC 2011-03-29
Import patches-unapplied version 6.0.20-2ubuntu2.4 to ubuntu/karmic-security

Author: Marc Deslauriers
Author Date: 2011-03-24 17:58:06 UTC

Import patches-unapplied version 6.0.20-2ubuntu2.4 to ubuntu/karmic-security

Imported using git-ubuntu import.

Changelog parent: 65a975608b3bbd11311bc4a16d886cee6de19014

New changelog entries:
  * SECURITY UPDATE: directory traversal via incorrect ServetContext
    attribute (LP: #717396)
    - debian/patches/0012-CVE-2010-3718.patch: mark as read only in
      java/org/apache/catalina/core/StandardContext.java.
    - CVE-2010-3718
  * SECURITY UPDATE: cross-site scripting in HTML Manager interface
    - debian/patches/0013-CVE-2011-0013.patch: properly filter values in
      java/org/apache/catalina/manager/{HTMLManagerServlet.java,
      StatusTransformer.java}.
    - CVE-2011-0013
  * SECURITY UPDATE: denial of service via NIOS HTTP connector
    (LP: #714239, LP: #717396)
    - debian/patches/0014-CVE-2011-0534.patch: enforce proper size in
      java/org/apache/coyote/http11/InternalNioInputBuffer.java.
    - CVE-2011-0534

ubuntu/karmic-security 2011-03-29 17:08:03 UTC 2011-03-29
Import patches-unapplied version 6.0.20-2ubuntu2.4 to ubuntu/karmic-security

Author: Marc Deslauriers
Author Date: 2011-03-24 17:58:06 UTC

Import patches-unapplied version 6.0.20-2ubuntu2.4 to ubuntu/karmic-security

Imported using git-ubuntu import.

Changelog parent: 65a975608b3bbd11311bc4a16d886cee6de19014

New changelog entries:
  * SECURITY UPDATE: directory traversal via incorrect ServetContext
    attribute (LP: #717396)
    - debian/patches/0012-CVE-2010-3718.patch: mark as read only in
      java/org/apache/catalina/core/StandardContext.java.
    - CVE-2010-3718
  * SECURITY UPDATE: cross-site scripting in HTML Manager interface
    - debian/patches/0013-CVE-2011-0013.patch: properly filter values in
      java/org/apache/catalina/manager/{HTMLManagerServlet.java,
      StatusTransformer.java}.
    - CVE-2011-0013
  * SECURITY UPDATE: denial of service via NIOS HTTP connector
    (LP: #714239, LP: #717396)
    - debian/patches/0014-CVE-2011-0534.patch: enforce proper size in
      java/org/apache/coyote/http11/InternalNioInputBuffer.java.
    - CVE-2011-0534

ubuntu/karmic-updates 2011-03-29 17:08:03 UTC 2011-03-29
Import patches-unapplied version 6.0.20-2ubuntu2.4 to ubuntu/karmic-security

Author: Marc Deslauriers
Author Date: 2011-03-24 17:58:06 UTC

Import patches-unapplied version 6.0.20-2ubuntu2.4 to ubuntu/karmic-security

Imported using git-ubuntu import.

Changelog parent: 65a975608b3bbd11311bc4a16d886cee6de19014

New changelog entries:
  * SECURITY UPDATE: directory traversal via incorrect ServetContext
    attribute (LP: #717396)
    - debian/patches/0012-CVE-2010-3718.patch: mark as read only in
      java/org/apache/catalina/core/StandardContext.java.
    - CVE-2010-3718
  * SECURITY UPDATE: cross-site scripting in HTML Manager interface
    - debian/patches/0013-CVE-2011-0013.patch: properly filter values in
      java/org/apache/catalina/manager/{HTMLManagerServlet.java,
      StatusTransformer.java}.
    - CVE-2011-0013
  * SECURITY UPDATE: denial of service via NIOS HTTP connector
    (LP: #714239, LP: #717396)
    - debian/patches/0014-CVE-2011-0534.patch: enforce proper size in
      java/org/apache/coyote/http11/InternalNioInputBuffer.java.
    - CVE-2011-0534

ubuntu/natty 2011-03-16 14:05:02 UTC 2011-03-16
Import patches-unapplied version 6.0.28-10ubuntu2 to ubuntu/natty

Author: Abhinav Upadhyay
Author Date: 2011-03-11 08:25:28 UTC

Import patches-unapplied version 6.0.28-10ubuntu2 to ubuntu/natty

Imported using git-ubuntu import.

Changelog parent: ecfd54e3f038ea76d6572f725ddf2df02ac8b843

New changelog entries:
  * debian/tomcat6-instance-create: Eclipse can now be configured to use a user instance
    of tomcat6 using tomcat6-instance-create without any additional work.
    tomcat6-instance-create will setup all the necessary symlinks to make eclipse work.
    (Closes: #551091) (LP: #297675)

applied/ubuntu/natty 2011-03-16 14:05:02 UTC 2011-03-16
Import patches-applied version 6.0.28-10ubuntu2 to applied/ubuntu/natty

Author: Abhinav Upadhyay
Author Date: 2011-03-11 08:25:28 UTC

Import patches-applied version 6.0.28-10ubuntu2 to applied/ubuntu/natty

Imported using git-ubuntu import.

Changelog parent: 4704031d920436e949e2c7fca34bbce1171171b2
Unapplied parent: 37c991031b1c542e99f2606efa0a6b4c72e5dfa7

New changelog entries:
  * debian/tomcat6-instance-create: Eclipse can now be configured to use a user instance
    of tomcat6 using tomcat6-instance-create without any additional work.
    tomcat6-instance-create will setup all the necessary symlinks to make eclipse work.
    (Closes: #551091) (LP: #297675)

applied/ubuntu/jaunty-updates 2010-08-25 15:06:15 UTC 2010-08-25
Import patches-applied version 6.0.18-0ubuntu6.3 to applied/ubuntu/jaunty-sec...

Author: Marc Deslauriers
Author Date: 2010-08-19 15:04:50 UTC

Import patches-applied version 6.0.18-0ubuntu6.3 to applied/ubuntu/jaunty-security

Imported using git-ubuntu import.

Changelog parent: 125892f97d879ef73e2fea76a59b956a02368a24
Unapplied parent: 932ea9ac0bef4096359a7a89f64ad35e9d0c1f3d

New changelog entries:
  * SECURITY UPDATE: denial of service and possible information disclosure
    via crafted header
    - debian/patches/CVE-2010-2227.patch: fix filter logic in
      java/org/apache/coyote/http11/{Http11AprProcessor,Http11NioProcessor,
      Http11Processor,filters/BufferedInputFilter}.java.
    - CVE-2010-2227

applied/ubuntu/jaunty-devel 2010-08-25 15:06:15 UTC 2010-08-25
Import patches-applied version 6.0.18-0ubuntu6.3 to applied/ubuntu/jaunty-sec...

Author: Marc Deslauriers
Author Date: 2010-08-19 15:04:50 UTC

Import patches-applied version 6.0.18-0ubuntu6.3 to applied/ubuntu/jaunty-security

Imported using git-ubuntu import.

Changelog parent: 125892f97d879ef73e2fea76a59b956a02368a24
Unapplied parent: 932ea9ac0bef4096359a7a89f64ad35e9d0c1f3d

New changelog entries:
  * SECURITY UPDATE: denial of service and possible information disclosure
    via crafted header
    - debian/patches/CVE-2010-2227.patch: fix filter logic in
      java/org/apache/coyote/http11/{Http11AprProcessor,Http11NioProcessor,
      Http11Processor,filters/BufferedInputFilter}.java.
    - CVE-2010-2227

ubuntu/jaunty-updates 2010-08-25 15:06:15 UTC 2010-08-25
Import patches-unapplied version 6.0.18-0ubuntu6.3 to ubuntu/jaunty-security

Author: Marc Deslauriers
Author Date: 2010-08-19 15:04:50 UTC

Import patches-unapplied version 6.0.18-0ubuntu6.3 to ubuntu/jaunty-security

Imported using git-ubuntu import.

Changelog parent: 8d4c9cf669cc48a958dca22b7772985224696ec3

New changelog entries:
  * SECURITY UPDATE: denial of service and possible information disclosure
    via crafted header
    - debian/patches/CVE-2010-2227.patch: fix filter logic in
      java/org/apache/coyote/http11/{Http11AprProcessor,Http11NioProcessor,
      Http11Processor,filters/BufferedInputFilter}.java.
    - CVE-2010-2227

ubuntu/jaunty-security 2010-08-25 15:06:15 UTC 2010-08-25
Import patches-unapplied version 6.0.18-0ubuntu6.3 to ubuntu/jaunty-security

Author: Marc Deslauriers
Author Date: 2010-08-19 15:04:50 UTC

Import patches-unapplied version 6.0.18-0ubuntu6.3 to ubuntu/jaunty-security

Imported using git-ubuntu import.

Changelog parent: 8d4c9cf669cc48a958dca22b7772985224696ec3

New changelog entries:
  * SECURITY UPDATE: denial of service and possible information disclosure
    via crafted header
    - debian/patches/CVE-2010-2227.patch: fix filter logic in
      java/org/apache/coyote/http11/{Http11AprProcessor,Http11NioProcessor,
      Http11Processor,filters/BufferedInputFilter}.java.
    - CVE-2010-2227

ubuntu/jaunty-devel 2010-08-25 15:06:15 UTC 2010-08-25
Import patches-unapplied version 6.0.18-0ubuntu6.3 to ubuntu/jaunty-security

Author: Marc Deslauriers
Author Date: 2010-08-19 15:04:50 UTC

Import patches-unapplied version 6.0.18-0ubuntu6.3 to ubuntu/jaunty-security

Imported using git-ubuntu import.

Changelog parent: 8d4c9cf669cc48a958dca22b7772985224696ec3

New changelog entries:
  * SECURITY UPDATE: denial of service and possible information disclosure
    via crafted header
    - debian/patches/CVE-2010-2227.patch: fix filter logic in
      java/org/apache/coyote/http11/{Http11AprProcessor,Http11NioProcessor,
      Http11Processor,filters/BufferedInputFilter}.java.
    - CVE-2010-2227

applied/ubuntu/jaunty-security 2010-08-25 15:06:15 UTC 2010-08-25
Import patches-applied version 6.0.18-0ubuntu6.3 to applied/ubuntu/jaunty-sec...

Author: Marc Deslauriers
Author Date: 2010-08-19 15:04:50 UTC

Import patches-applied version 6.0.18-0ubuntu6.3 to applied/ubuntu/jaunty-security

Imported using git-ubuntu import.

Changelog parent: 125892f97d879ef73e2fea76a59b956a02368a24
Unapplied parent: 932ea9ac0bef4096359a7a89f64ad35e9d0c1f3d

New changelog entries:
  * SECURITY UPDATE: denial of service and possible information disclosure
    via crafted header
    - debian/patches/CVE-2010-2227.patch: fix filter logic in
      java/org/apache/coyote/http11/{Http11AprProcessor,Http11NioProcessor,
      Http11Processor,filters/BufferedInputFilter}.java.
    - CVE-2010-2227

ubuntu/maverick 2010-08-25 10:05:21 UTC 2010-08-25
Import patches-unapplied version 6.0.28-2ubuntu1 to ubuntu/maverick

Author: Thierry Carrez (ttx)
Author Date: 2010-08-25 07:07:03 UTC

Import patches-unapplied version 6.0.28-2ubuntu1 to ubuntu/maverick

Imported using git-ubuntu import.

Changelog parent: c1cb978751a7a600d3a982a8281ade7198b5a320

New changelog entries:
  * Check for group existence to avoid postinst failure (LP: #611721)

applied/ubuntu/maverick 2010-08-25 10:05:21 UTC 2010-08-25
Import patches-applied version 6.0.28-2ubuntu1 to applied/ubuntu/maverick

Author: Thierry Carrez (ttx)
Author Date: 2010-08-25 07:07:03 UTC

Import patches-applied version 6.0.28-2ubuntu1 to applied/ubuntu/maverick

Imported using git-ubuntu import.

Changelog parent: 669c2761fa8b73c9a77157108c4ffc8c3442ccae
Unapplied parent: 4ca250c2da9177a0d3b7d6788f9d633d2b37d40f

New changelog entries:
  * Check for group existence to avoid postinst failure (LP: #611721)

applied/ubuntu/lucid 2010-03-31 10:05:18 UTC 2010-03-31
Import patches-applied version 6.0.24-2ubuntu1 to applied/ubuntu/lucid

Author: Thierry Carrez
Author Date: 2010-03-31 08:47:51 UTC

Import patches-applied version 6.0.24-2ubuntu1 to applied/ubuntu/lucid

Imported using git-ubuntu import.

Changelog parent: b4dc26a8eacc626b72e14ee80801576be8c42ac5
Unapplied parent: c5e5abd4ce6e5e2a91ecae188e1a30adfc17091c

New changelog entries:
  [ Thierry Carrez ]
  * Uploading what 6.0.24-5 should be (upload is blocked in Debian due to
    current infrastructure issues), in order to meet Beta2Freeze.
  [ Niels Thykier ]
  * Added optimised garbage collection options to tomcat6's default options.
    Thanks to Aaron J. Zirbes and Thierry Carrez for research and the patch.
    (Closes: LP: #541520)
  * Updated the changelog to mention closed CVE's in the 6.0.24-1 release.
  * Applied patch from Arto Jantunen fixing an issue with cleaning up the
    pid-file. (Closes: #574084)
  [ Ludovic Claude ]
  * debian/tomcat6.postrm: fix removal of Tomcat (Closes: #567548)
  * Set UTF-8 as default character encoding - Patch by Thomas Koch
    (Closes: #573539)
  * Set the major, minor and build versions when calling Ant
    (Closes: LP: #495505)
  * Rebuild with a more recent version of maven-repo-helper which puts
    the javax jars at the correct location in the Maven repository.
    Fixes several FTBFS in other packages.

ubuntu/lucid 2010-03-31 10:05:18 UTC 2010-03-31
Import patches-unapplied version 6.0.24-2ubuntu1 to ubuntu/lucid

Author: Thierry Carrez
Author Date: 2010-03-31 08:47:51 UTC

Import patches-unapplied version 6.0.24-2ubuntu1 to ubuntu/lucid

Imported using git-ubuntu import.

Changelog parent: d45e3a6f2bc5066c9742a4a6c35996c48e4346eb

New changelog entries:
  [ Thierry Carrez ]
  * Uploading what 6.0.24-5 should be (upload is blocked in Debian due to
    current infrastructure issues), in order to meet Beta2Freeze.
  [ Niels Thykier ]
  * Added optimised garbage collection options to tomcat6's default options.
    Thanks to Aaron J. Zirbes and Thierry Carrez for research and the patch.
    (Closes: LP: #541520)
  * Updated the changelog to mention closed CVE's in the 6.0.24-1 release.
  * Applied patch from Arto Jantunen fixing an issue with cleaning up the
    pid-file. (Closes: #574084)
  [ Ludovic Claude ]
  * debian/tomcat6.postrm: fix removal of Tomcat (Closes: #567548)
  * Set UTF-8 as default character encoding - Patch by Thomas Koch
    (Closes: #573539)
  * Set the major, minor and build versions when calling Ant
    (Closes: LP: #495505)
  * Rebuild with a more recent version of maven-repo-helper which puts
    the javax jars at the correct location in the Maven repository.
    Fixes several FTBFS in other packages.

ubuntu/intrepid-security 2010-02-11 19:05:08 UTC 2010-02-11
Import patches-unapplied version 6.0.18-0ubuntu3.3 to ubuntu/intrepid-security

Author: Marc Deslauriers
Author Date: 2010-02-11 14:22:51 UTC

Import patches-unapplied version 6.0.18-0ubuntu3.3 to ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: 28256e4f193efcf7c2a1345ac129f6bc2e83e0a4

New changelog entries:
  * SECURITY UPDATE: arbitrary file creation or overwrite from directory
    traversal via a .. entry in a WAR file.
    - CVE-2009-2693
  * SECURITY UPDATE: authentication bypass via autodeployment process
    - CVE-2009-2901
  * SECURITY UPDATE: work-directory file deletion via directory traversal
    sequences in a WAR filename.
    - CVE-2009-2902
    - debian/patches/security_CVE-2009-2693_2901_2902.patch: validate file
      names and paths in java/org/apache/catalina/loader/
      {LocalStrings.properties,WebappClassLoader.java},
      java/org/apache/catalina/startup/{ContextConfig.java,ExpandWar.java,
      HostConfig.java,LocalStrings.properties}

ubuntu/intrepid-devel 2010-02-11 19:05:08 UTC 2010-02-11
Import patches-unapplied version 6.0.18-0ubuntu3.3 to ubuntu/intrepid-security

Author: Marc Deslauriers
Author Date: 2010-02-11 14:22:51 UTC

Import patches-unapplied version 6.0.18-0ubuntu3.3 to ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: 28256e4f193efcf7c2a1345ac129f6bc2e83e0a4

New changelog entries:
  * SECURITY UPDATE: arbitrary file creation or overwrite from directory
    traversal via a .. entry in a WAR file.
    - CVE-2009-2693
  * SECURITY UPDATE: authentication bypass via autodeployment process
    - CVE-2009-2901
  * SECURITY UPDATE: work-directory file deletion via directory traversal
    sequences in a WAR filename.
    - CVE-2009-2902
    - debian/patches/security_CVE-2009-2693_2901_2902.patch: validate file
      names and paths in java/org/apache/catalina/loader/
      {LocalStrings.properties,WebappClassLoader.java},
      java/org/apache/catalina/startup/{ContextConfig.java,ExpandWar.java,
      HostConfig.java,LocalStrings.properties}

ubuntu/intrepid-updates 2010-02-11 19:05:08 UTC 2010-02-11
Import patches-unapplied version 6.0.18-0ubuntu3.3 to ubuntu/intrepid-security

Author: Marc Deslauriers
Author Date: 2010-02-11 14:22:51 UTC

Import patches-unapplied version 6.0.18-0ubuntu3.3 to ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: 28256e4f193efcf7c2a1345ac129f6bc2e83e0a4

New changelog entries:
  * SECURITY UPDATE: arbitrary file creation or overwrite from directory
    traversal via a .. entry in a WAR file.
    - CVE-2009-2693
  * SECURITY UPDATE: authentication bypass via autodeployment process
    - CVE-2009-2901
  * SECURITY UPDATE: work-directory file deletion via directory traversal
    sequences in a WAR filename.
    - CVE-2009-2902
    - debian/patches/security_CVE-2009-2693_2901_2902.patch: validate file
      names and paths in java/org/apache/catalina/loader/
      {LocalStrings.properties,WebappClassLoader.java},
      java/org/apache/catalina/startup/{ContextConfig.java,ExpandWar.java,
      HostConfig.java,LocalStrings.properties}

applied/ubuntu/intrepid-updates 2010-02-11 19:05:08 UTC 2010-02-11
Import patches-applied version 6.0.18-0ubuntu3.3 to applied/ubuntu/intrepid-s...

Author: Marc Deslauriers
Author Date: 2010-02-11 14:22:51 UTC

Import patches-applied version 6.0.18-0ubuntu3.3 to applied/ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: abced43b6dda200899c722fdf517a45a2f1bcb41
Unapplied parent: edcd7f7ed1e9abcaba01be545437de146fb0737d

New changelog entries:
  * SECURITY UPDATE: arbitrary file creation or overwrite from directory
    traversal via a .. entry in a WAR file.
    - CVE-2009-2693
  * SECURITY UPDATE: authentication bypass via autodeployment process
    - CVE-2009-2901
  * SECURITY UPDATE: work-directory file deletion via directory traversal
    sequences in a WAR filename.
    - CVE-2009-2902
    - debian/patches/security_CVE-2009-2693_2901_2902.patch: validate file
      names and paths in java/org/apache/catalina/loader/
      {LocalStrings.properties,WebappClassLoader.java},
      java/org/apache/catalina/startup/{ContextConfig.java,ExpandWar.java,
      HostConfig.java,LocalStrings.properties}

applied/ubuntu/intrepid-security 2010-02-11 19:05:08 UTC 2010-02-11
Import patches-applied version 6.0.18-0ubuntu3.3 to applied/ubuntu/intrepid-s...

Author: Marc Deslauriers
Author Date: 2010-02-11 14:22:51 UTC

Import patches-applied version 6.0.18-0ubuntu3.3 to applied/ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: abced43b6dda200899c722fdf517a45a2f1bcb41
Unapplied parent: edcd7f7ed1e9abcaba01be545437de146fb0737d

New changelog entries:
  * SECURITY UPDATE: arbitrary file creation or overwrite from directory
    traversal via a .. entry in a WAR file.
    - CVE-2009-2693
  * SECURITY UPDATE: authentication bypass via autodeployment process
    - CVE-2009-2901
  * SECURITY UPDATE: work-directory file deletion via directory traversal
    sequences in a WAR filename.
    - CVE-2009-2902
    - debian/patches/security_CVE-2009-2693_2901_2902.patch: validate file
      names and paths in java/org/apache/catalina/loader/
      {LocalStrings.properties,WebappClassLoader.java},
      java/org/apache/catalina/startup/{ContextConfig.java,ExpandWar.java,
      HostConfig.java,LocalStrings.properties}

applied/ubuntu/intrepid-devel 2010-02-11 19:05:08 UTC 2010-02-11
Import patches-applied version 6.0.18-0ubuntu3.3 to applied/ubuntu/intrepid-s...

Author: Marc Deslauriers
Author Date: 2010-02-11 14:22:51 UTC

Import patches-applied version 6.0.18-0ubuntu3.3 to applied/ubuntu/intrepid-security

Imported using git-ubuntu import.

Changelog parent: abced43b6dda200899c722fdf517a45a2f1bcb41
Unapplied parent: edcd7f7ed1e9abcaba01be545437de146fb0737d

New changelog entries:
  * SECURITY UPDATE: arbitrary file creation or overwrite from directory
    traversal via a .. entry in a WAR file.
    - CVE-2009-2693
  * SECURITY UPDATE: authentication bypass via autodeployment process
    - CVE-2009-2901
  * SECURITY UPDATE: work-directory file deletion via directory traversal
    sequences in a WAR filename.
    - CVE-2009-2902
    - debian/patches/security_CVE-2009-2693_2901_2902.patch: validate file
      names and paths in java/org/apache/catalina/loader/
      {LocalStrings.properties,WebappClassLoader.java},
      java/org/apache/catalina/startup/{ContextConfig.java,ExpandWar.java,
      HostConfig.java,LocalStrings.properties}

applied/ubuntu/karmic 2009-10-26 08:11:22 UTC 2009-10-26
Import patches-applied version 6.0.20-2ubuntu2 to applied/ubuntu/karmic

Author: Matthias Klose
Author Date: 2009-10-25 16:00:31 UTC

Import patches-applied version 6.0.20-2ubuntu2 to applied/ubuntu/karmic

Imported using git-ubuntu import.

Changelog parent: c687b18c9b06e593c51ef5df94a7bf4159a15d74
Unapplied parent: 148e0d8b20bf89bd99a23a26950f82d3f5a0525c

New changelog entries:
  * Add maven POM's for libservlet2.5-java. LP: #454822.
  * debian/policy/02debian.policy: grant access to
    /usr/share/maven-repo/ as it is a valid source of Debian JARs.

ubuntu/karmic 2009-10-26 08:11:22 UTC 2009-10-26
Import patches-unapplied version 6.0.20-2ubuntu2 to ubuntu/karmic

Author: Matthias Klose
Author Date: 2009-10-25 16:00:31 UTC

Import patches-unapplied version 6.0.20-2ubuntu2 to ubuntu/karmic

Imported using git-ubuntu import.

Changelog parent: 960b63591010be054a248b2ee4b36d882e94ee93

New changelog entries:
  * Add maven POM's for libservlet2.5-java. LP: #454822.
  * debian/policy/02debian.policy: grant access to
    /usr/share/maven-repo/ as it is a valid source of Debian JARs.

applied/ubuntu/hardy-backports 2009-09-14 14:04:29 UTC 2009-09-14
Import patches-applied version 6.0.18-0ubuntu3.2~hardy1 to applied/ubuntu/har...

Author: Michael Casadevall
Author Date: 2009-09-11 18:07:05 UTC

Import patches-applied version 6.0.18-0ubuntu3.2~hardy1 to applied/ubuntu/hardy-backports

Imported using git-ubuntu import.

Changelog parent: abced43b6dda200899c722fdf517a45a2f1bcb41
Unapplied parent: 414983da6abf05c495ba088fb6b53b89aafe6758

New changelog entries:
  [ Michael Jeanson ]
  * Source backport for Hardy backports (LP: #271784)
  * debian/control:
    - Changed dependency on default-jdk to openjdk-6-jdk
    - Changed dependency on default-jre-headless to openjdk-6-jre-headless
  * debian/rules:
    - Adjusted JAVA_HOME for openjdk-6-jdk
  [ Michael Casadevall ]
  * Updated diff to apply against intrepid-security 6.0.18-0ubuntu3.2

ubuntu/hardy-backports 2009-09-14 14:04:29 UTC 2009-09-14
Import patches-unapplied version 6.0.18-0ubuntu3.2~hardy1 to ubuntu/hardy-bac...

Author: Michael Casadevall
Author Date: 2009-09-11 18:07:05 UTC

Import patches-unapplied version 6.0.18-0ubuntu3.2~hardy1 to ubuntu/hardy-backports

Imported using git-ubuntu import.

Changelog parent: 28256e4f193efcf7c2a1345ac129f6bc2e83e0a4

New changelog entries:
  [ Michael Jeanson ]
  * Source backport for Hardy backports (LP: #271784)
  * debian/control:
    - Changed dependency on default-jdk to openjdk-6-jdk
    - Changed dependency on default-jre-headless to openjdk-6-jre-headless
  * debian/rules:
    - Adjusted JAVA_HOME for openjdk-6-jdk
  [ Michael Casadevall ]
  * Updated diff to apply against intrepid-security 6.0.18-0ubuntu3.2

applied/debian/experimental 2009-07-17 13:19:51 UTC 2009-07-17
Import patches-applied version 6.0.20-4 to applied/debian/experimental

Author: Torsten Werner
Author Date: 2009-07-16 21:36:32 UTC

Import patches-applied version 6.0.20-4 to applied/debian/experimental

Imported using git-ubuntu import.

Changelog parent: 114d4e40a2cb9c91138461ebf4bc09788335e81c
Unapplied parent: 949d26a1bf39958002b55472e08e1c2090129956

New changelog entries:
  * Fix init script:
    - Change Provides: tomcat6. (Closes: #532286)
    - Check for /etc/default/rcS before sourcing it.
  * Update Standards-Version: 3.8.2 (no changes).

debian/experimental 2009-07-17 13:19:51 UTC 2009-07-17
Import patches-unapplied version 6.0.20-4 to debian/experimental

Author: Torsten Werner
Author Date: 2009-07-16 21:36:32 UTC

Import patches-unapplied version 6.0.20-4 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: d86031b8cfd6a32420d57cce45fa070000686a70

New changelog entries:
  * Fix init script:
    - Change Provides: tomcat6. (Closes: #532286)
    - Check for /etc/default/rcS before sourcing it.
  * Update Standards-Version: 3.8.2 (no changes).

applied/ubuntu/jaunty 2009-02-27 19:04:46 UTC 2009-02-27
Import patches-applied version 6.0.18-0ubuntu6 to applied/ubuntu/jaunty

Author: Thierry Carrez
Author Date: 2009-02-23 10:16:37 UTC

Import patches-applied version 6.0.18-0ubuntu6 to applied/ubuntu/jaunty

Imported using git-ubuntu import.

Changelog parent: 76415b534b0ebb36cb1c00d0815b8b0704eda4b4
Unapplied parent: 4d052eb38c6233da1556a991dbabc82b7188ab83

New changelog entries:
  * Added debian/patches/tcnative-ipv6-fix-43327.patch to fix incompatibility
    between libtcnative-1 and ipv6 (fixes LP: #287645)
  * No longer create confusing /var/lib/tomcat6/lib or lib subdirectory in
    private instances, since they are ignored (LP: #324212)

ubuntu/jaunty 2009-02-27 19:04:46 UTC 2009-02-27
Import patches-unapplied version 6.0.18-0ubuntu6 to ubuntu/jaunty

Author: Thierry Carrez
Author Date: 2009-02-23 10:16:37 UTC

Import patches-unapplied version 6.0.18-0ubuntu6 to ubuntu/jaunty

Imported using git-ubuntu import.

Changelog parent: 077fb9d6798a17089cbe275f395a9103591520bf

New changelog entries:
  * Added debian/patches/tcnative-ipv6-fix-43327.patch to fix incompatibility
    between libtcnative-1 and ipv6 (fixes LP: #287645)
  * No longer create confusing /var/lib/tomcat6/lib or lib subdirectory in
    private instances, since they are ignored (LP: #324212)

applied/ubuntu/intrepid-proposed 2009-01-20 09:04:33 UTC 2009-01-20
Import patches-applied version 6.0.18-0ubuntu3.1 to applied/ubuntu/intrepid-p...

Author: Thierry Carrez
Author Date: 2008-12-05 08:58:55 UTC

Import patches-applied version 6.0.18-0ubuntu3.1 to applied/ubuntu/intrepid-proposed

Imported using git-ubuntu import.

Changelog parent: 508565dde55c4b509e1064b5e884381119f60904
Unapplied parent: 61efe7373d68c91262dd8c13055f4bf15a1ab73c

New changelog entries:
  * patches/use-commons-dbcp.patch: Change default DBCP factory class
    to org.apache.commons.dbcp.BasicDataSourceFactory (LP: #283852)
  * tomcat6.dirs, tomcat6.postinst, default_root/index.html: Create
    Catalina/localhost in /etc/tomcat6 and make it writeable by the tomcat6
    group, so that autodeploy and admin webapps work as expected (LP: #294277)

ubuntu/intrepid-proposed 2009-01-20 09:04:33 UTC 2009-01-20
Import patches-unapplied version 6.0.18-0ubuntu3.1 to ubuntu/intrepid-proposed

Author: Thierry Carrez
Author Date: 2008-12-05 08:58:55 UTC

Import patches-unapplied version 6.0.18-0ubuntu3.1 to ubuntu/intrepid-proposed

Imported using git-ubuntu import.

Changelog parent: 11fee0c2397217a2c01abfa5f91222a72813f5ae

New changelog entries:
  * patches/use-commons-dbcp.patch: Change default DBCP factory class
    to org.apache.commons.dbcp.BasicDataSourceFactory (LP: #283852)
  * tomcat6.dirs, tomcat6.postinst, default_root/index.html: Create
    Catalina/localhost in /etc/tomcat6 and make it writeable by the tomcat6
    group, so that autodeploy and admin webapps work as expected (LP: #294277)

applied/debian/lenny 2008-10-29 16:00:48 UTC 2008-10-29
Import patches-applied version 6.0.16-1 to applied/debian/lenny

Author: Paul Cager
Author Date: 2008-05-12 23:04:49 UTC

Import patches-applied version 6.0.16-1 to applied/debian/lenny

Imported using git-ubuntu import.

Unapplied parent: 37dc353a9f4a2388e40d040d4c568e3ae32c45de

debian/lenny 2008-10-29 16:00:48 UTC 2008-10-29
Import patches-unapplied version 6.0.16-1 to debian/lenny

Author: Paul Cager
Author Date: 2008-05-12 23:04:49 UTC

Import patches-unapplied version 6.0.16-1 to debian/lenny

Imported using git-ubuntu import.

applied/ubuntu/intrepid 2008-10-24 08:05:01 UTC 2008-10-24
Import patches-applied version 6.0.18-0ubuntu3 to applied/ubuntu/intrepid

Author: Thierry Carrez
Author Date: 2008-10-23 16:19:15 UTC

Import patches-applied version 6.0.18-0ubuntu3 to applied/ubuntu/intrepid

Imported using git-ubuntu import.

Changelog parent: 5b620b1ac4484857e9ed47eba558397c50c9388c
Unapplied parent: 11fee0c2397217a2c01abfa5f91222a72813f5ae

New changelog entries:
  * debian/tomcat6.postinst:
    - Make /var/lib/tomcat6/temp writeable by the tomcat6 user (LP: #287126)
    - Make /var/lib/tomcat6/webapps writeable by tomcat6 group (LP: #287447)
  * debian/tomcat6.init: make status return nonzero if tomcat6 is not running
    (fixes LP: #288218)

ubuntu/intrepid 2008-10-24 08:05:01 UTC 2008-10-24
Import patches-unapplied version 6.0.18-0ubuntu3 to ubuntu/intrepid

Author: Thierry Carrez
Author Date: 2008-10-23 16:19:15 UTC

Import patches-unapplied version 6.0.18-0ubuntu3 to ubuntu/intrepid

Imported using git-ubuntu import.

Changelog parent: 72ebfd177aaae6be44b4d7125557b2ddbba09ccf

New changelog entries:
  * debian/tomcat6.postinst:
    - Make /var/lib/tomcat6/temp writeable by the tomcat6 user (LP: #287126)
    - Make /var/lib/tomcat6/webapps writeable by tomcat6 group (LP: #287447)
  * debian/tomcat6.init: make status return nonzero if tomcat6 is not running
    (fixes LP: #288218)

101154 of 154 results

Other repositories

Name Last Modified
lp:ubuntu/+source/tomcat6 2018-10-17
11 of 1 result
You can't create new repositories for tomcat6 in Ubuntu.