tomcat6 6.0.45+dfsg-1 source package in Ubuntu
Changelog
tomcat6 (6.0.45+dfsg-1) unstable; urgency=medium

  * Team upload.
  * Imported Upstream version 6.0.45+dfsg.
    - Remove all prebuilt jar files.
  * Declare compliance with Debian Policy 3.9.7.
  * Vcs-fields: Use https.
  * This update fixes the following security vulnerabilities in the source
    package. Since src:tomcat6 only builds libservlet2.5-java and
    documentation, users are not directly affected.
    - CVE-2015-5174: Directory traversal vulnerability in RequestUtil.java.
    - CVE-2015-5345: The Mapper component in Apache Tomcat before 6.0.45
      processes redirects before considering security constraints and Filters.
    - CVE-2016-0706: Apache Tomcat before 6.0.45 does not place
      org.apache.catalina.manager.StatusManagerServlet on the
      org/apache/catalina/core/RestrictedServlets.properties list which allows
      remote authenticated users to bypass intended SecurityManager
      restrictions.
    - CVE-2016-0714: The session-persistence implementation in Apache Tomcat
      before 6.0.45 mishandles session attributes, which allows remote
      authenticated users to bypass intended SecurityManager restrictions.
    - CVE-2016-0763: The setGlobalContext method in
      org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat does
      not consider whether ResourceLinkFactory.setGlobalContext callers are
      authorized, which allows remote authenticated users to bypass intended
      SecurityManager restrictions and read or write to arbitrary application
      data, or cause a denial of service (application disruption), via a web
      application that sets a crafted global context.
    - CVE-2015-5351: The Manager and Host Manager applications in Apache Tomcat
      establish sessions and send CSRF tokens for arbitrary new requests, which
      allows remote attackers to bypass a CSRF protection mechanism by using a
      token.

 -- Markus Koschany <email address hidden>  Sat, 27 Feb 2016 19:32:00 +0100

Upload details
- Uploaded by: Debian Java Maintainers
- Uploaded to: Sid
- Original maintainer: Debian Java Maintainers
- Architectures: all
- Section: java
- Urgency: Medium Urgency
Publishing
Series | Published | Component | Section |
---|---|---|---|
Xenial | release | universe | web |
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
tomcat6_6.0.45+dfsg-1.dsc | 2.4 KiB | c1bb3dd3cf299188672061398c92f55f76d1e91aa429e2b6acbbf34c87ccc46c |
tomcat6_6.0.45+dfsg.orig.tar.xz | 2.1 MiB | d01037a18afb119656a500d3cdb37e918ae3224e21aac5682ecdaac5519d59bc |
tomcat6_6.0.45+dfsg-1.debian.tar.xz | 37.8 KiB | f4722067e96127583ba06e490566e836ff1a118bd1a9f2e44fdfc1d6fcc87c3f |
Available diffs
- diff from 6.0.41-4 to 6.0.45+dfsg-1 (219.9 KiB)
No changes file available.
Binary packages built by this source
- libservlet2.5-java: No summary available for libservlet2.5-java in ubuntu yakkety.
  No description available for libservlet2.5-java in ubuntu yakkety.
- libservlet2.5-java-doc: No summary available for libservlet2.5-java-doc in ubuntu yakkety.
  No description available for libservlet2.5-java-doc in ubuntu yakkety.