View Bazaar branches
Get this repository:
git clone https://git.launchpad.net/ubuntu/+source/tomcat7
Members of Ubuntu Server Dev import team can upload to this repository. Log in for directions.

Branches

Name Last Modified Last Commit
importer/ubuntu/dsc 2018-10-31 21:00:19 UTC 2018-10-31
DSC file for 7.0.68-1ubuntu0.4

Author: Ubuntu Git Importer
Author Date: 2018-10-31 21:00:19 UTC

DSC file for 7.0.68-1ubuntu0.4

ubuntu/xenial-security 2018-10-30 19:08:29 UTC 2018-10-30
Import patches-unapplied version 7.0.68-1ubuntu0.4 to ubuntu/xenial-security

Author: Eduardo dos Santos Barretto
Author Date: 2018-10-30 12:54:52 UTC

Import patches-unapplied version 7.0.68-1ubuntu0.4 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 5a005ca0c1ae438225830afd745c6ed6aac725ba

New changelog entries:
  * SECURITY REGRESSION: security manager startup issue (LP: #1799990)
    - debian/patches/0009-Use-java.security.policy-file-in-catalina.sh.patch:
      update to new /var/lib/tomcat7/policy location.
    - debian/tomcat7.postrm.in: remove policy directory.

ubuntu/xenial-updates 2018-10-30 19:08:29 UTC 2018-10-30
Import patches-unapplied version 7.0.68-1ubuntu0.4 to ubuntu/xenial-security

Author: Eduardo dos Santos Barretto
Author Date: 2018-10-30 12:54:52 UTC

Import patches-unapplied version 7.0.68-1ubuntu0.4 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 5a005ca0c1ae438225830afd745c6ed6aac725ba

New changelog entries:
  * SECURITY REGRESSION: security manager startup issue (LP: #1799990)
    - debian/patches/0009-Use-java.security.policy-file-in-catalina.sh.patch:
      update to new /var/lib/tomcat7/policy location.
    - debian/tomcat7.postrm.in: remove policy directory.

ubuntu/xenial-devel 2018-10-30 19:08:29 UTC 2018-10-30
Import patches-unapplied version 7.0.68-1ubuntu0.4 to ubuntu/xenial-security

Author: Eduardo dos Santos Barretto
Author Date: 2018-10-30 12:54:52 UTC

Import patches-unapplied version 7.0.68-1ubuntu0.4 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 5a005ca0c1ae438225830afd745c6ed6aac725ba

New changelog entries:
  * SECURITY REGRESSION: security manager startup issue (LP: #1799990)
    - debian/patches/0009-Use-java.security.policy-file-in-catalina.sh.patch:
      update to new /var/lib/tomcat7/policy location.
    - debian/tomcat7.postrm.in: remove policy directory.

ubuntu/trusty-security 2018-10-10 14:33:15 UTC 2018-10-10
Import patches-unapplied version 7.0.52-1ubuntu0.16 to ubuntu/trusty-security

Author: Marc Deslauriers
Author Date: 2018-10-09 15:25:36 UTC

Import patches-unapplied version 7.0.52-1ubuntu0.16 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 763c7d625c3d61ac97d3fea8487ca1fa466c6ed4

New changelog entries:
  * SECURITY UPDATE: arbitrary redirect issue
    - debian/patches/CVE-2018-11784.patch: avoid protocol relative
      redirects in java/org/apache/catalina/servlets/DefaultServlet.java.
    - CVE-2018-11784

ubuntu/trusty-updates 2018-10-10 14:33:15 UTC 2018-10-10
Import patches-unapplied version 7.0.52-1ubuntu0.16 to ubuntu/trusty-security

Author: Marc Deslauriers
Author Date: 2018-10-09 15:25:36 UTC

Import patches-unapplied version 7.0.52-1ubuntu0.16 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 763c7d625c3d61ac97d3fea8487ca1fa466c6ed4

New changelog entries:
  * SECURITY UPDATE: arbitrary redirect issue
    - debian/patches/CVE-2018-11784.patch: avoid protocol relative
      redirects in java/org/apache/catalina/servlets/DefaultServlet.java.
    - CVE-2018-11784

ubuntu/trusty-devel 2018-10-10 14:33:15 UTC 2018-10-10
Import patches-unapplied version 7.0.52-1ubuntu0.16 to ubuntu/trusty-security

Author: Marc Deslauriers
Author Date: 2018-10-09 15:25:36 UTC

Import patches-unapplied version 7.0.52-1ubuntu0.16 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 763c7d625c3d61ac97d3fea8487ca1fa466c6ed4

New changelog entries:
  * SECURITY UPDATE: arbitrary redirect issue
    - debian/patches/CVE-2018-11784.patch: avoid protocol relative
      redirects in java/org/apache/catalina/servlets/DefaultServlet.java.
    - CVE-2018-11784

importer/ubuntu/pristine-tar 2018-03-08 05:01:38 UTC 2018-03-08
pristine-tar data for tomcat7_7.0.78.orig.tar.xz

Author: Ubuntu Git Importer
Author Date: 2018-03-08 05:01:38 UTC

pristine-tar data for tomcat7_7.0.78.orig.tar.xz

importer/debian/dsc 2018-03-08 04:17:14 UTC 2018-03-08
DSC file for 7.0.56-3+deb8u11

Author: Ubuntu Git Importer
Author Date: 2018-03-08 04:17:14 UTC

DSC file for 7.0.56-3+deb8u11

importer/debian/pristine-tar 2018-03-08 04:16:58 UTC 2018-03-08
pristine-tar data for tomcat7_7.0.78.orig.tar.xz

Author: Ubuntu Git Importer
Author Date: 2018-03-08 04:16:58 UTC

pristine-tar data for tomcat7_7.0.78.orig.tar.xz

applied/debian/jessie 2017-07-22 17:30:27 UTC 2017-07-22
Import patches-applied version 7.0.56-3+deb8u11 to applied/debian/jessie

Author: Markus Koschany
Author Date: 2017-06-20 18:10:32 UTC

Import patches-applied version 7.0.56-3+deb8u11 to applied/debian/jessie

Imported using git-ubuntu import.

Changelog parent: e196615822430a33e68451c9ffc8a6ac0953fa70
Unapplied parent: 9d98df2e31e085690bf0abe67dfab80b188737de

New changelog entries:
  * Team upload.
  * Fix CVE-2017-5664.
    The error page mechanism of the Java Servlet Specification requires that,
    when an error occurs and an error page is configured for the error that
    occurred, the original request and response are forwarded to the error
    page. This means that the request is presented to the error page with the
    original HTTP method. If the error page is a static file, expected
    behaviour is to serve content of the file as if processing a GET request,
    regardless of the actual HTTP method. The Default Servlet in Apache Tomcat
    did not do this. Depending on the original request this could lead to
    unexpected and undesirable results for static error pages including, if the
    DefaultServlet is configured to permit writes, the replacement or removal
    of the custom error page. (Closes: #864447)
  * Team upload.
  * Fix the following security vulnerabilities:
   - CVE-2017-5647:
     A bug in the handling of the pipelined requests when send file was used
     resulted in the pipelined request being lost when send file processing of
     the previous request completed. This could result in responses appearing
     to be sent for the wrong request. For example, a user agent that sent
     requests A, B and C could see the correct response for request A, the
     response for request C for request B and no response for request C.
   - CVE-2017-5648:
     It was noticed that some calls to application listeners did not use the
     appropriate facade object. When running an untrusted application under a
     SecurityManager, it was therefore possible for that untrusted application
     to retain a reference to the request or response object and thereby access
     and/or modify information associated with another web application.

debian/jessie 2017-07-22 17:30:27 UTC 2017-07-22
Import patches-unapplied version 7.0.56-3+deb8u11 to debian/jessie

Author: Markus Koschany
Author Date: 2017-06-20 18:10:32 UTC

Import patches-unapplied version 7.0.56-3+deb8u11 to debian/jessie

Imported using git-ubuntu import.

Changelog parent: 0edd1aafc5e6f80a718d09dcae73090f0b06fc52

New changelog entries:
  * Team upload.
  * Fix CVE-2017-5664.
    The error page mechanism of the Java Servlet Specification requires that,
    when an error occurs and an error page is configured for the error that
    occurred, the original request and response are forwarded to the error
    page. This means that the request is presented to the error page with the
    original HTTP method. If the error page is a static file, expected
    behaviour is to serve content of the file as if processing a GET request,
    regardless of the actual HTTP method. The Default Servlet in Apache Tomcat
    did not do this. Depending on the original request this could lead to
    unexpected and undesirable results for static error pages including, if the
    DefaultServlet is configured to permit writes, the replacement or removal
    of the custom error page. (Closes: #864447)
  * Team upload.
  * Fix the following security vulnerabilities:
   - CVE-2017-5647:
     A bug in the handling of the pipelined requests when send file was used
     resulted in the pipelined request being lost when send file processing of
     the previous request completed. This could result in responses appearing
     to be sent for the wrong request. For example, a user agent that sent
     requests A, B and C could see the correct response for request A, the
     response for request C for request B and no response for request C.
   - CVE-2017-5648:
     It was noticed that some calls to application listeners did not use the
     appropriate facade object. When running an untrusted application under a
     SecurityManager, it was therefore possible for that untrusted application
     to retain a reference to the request or response object and thereby access
     and/or modify information associated with another web application.

ubuntu/bionic-devel 2017-05-24 22:21:21 UTC 2017-05-24
Import patches-unapplied version 7.0.78-1 to debian/sid

Author: Emmanuel Bourg
Author Date: 2017-05-24 16:03:19 UTC

Import patches-unapplied version 7.0.78-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b6d5ed1d8be8b1962a4a97104df1a1e02352ea36

New changelog entries:
  * New upstream release
    - Refreshed the patches

applied/debian/sid 2017-05-24 22:21:21 UTC 2017-05-24
Import patches-applied version 7.0.78-1 to applied/debian/sid

Author: Emmanuel Bourg
Author Date: 2017-05-24 16:03:19 UTC

Import patches-applied version 7.0.78-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 78b988016c2a48ed07a2b71a1a100026c1b68c5c
Unapplied parent: 68848f7e3a2647c1b8d4c25416df368c5f57dd33

New changelog entries:
  * New upstream release
    - Refreshed the patches

debian/buster 2017-05-24 22:21:21 UTC 2017-05-24
Import patches-unapplied version 7.0.78-1 to debian/sid

Author: Emmanuel Bourg
Author Date: 2017-05-24 16:03:19 UTC

Import patches-unapplied version 7.0.78-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b6d5ed1d8be8b1962a4a97104df1a1e02352ea36

New changelog entries:
  * New upstream release
    - Refreshed the patches

applied/debian/buster 2017-05-24 22:21:21 UTC 2017-05-24
Import patches-applied version 7.0.78-1 to applied/debian/sid

Author: Emmanuel Bourg
Author Date: 2017-05-24 16:03:19 UTC

Import patches-applied version 7.0.78-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 78b988016c2a48ed07a2b71a1a100026c1b68c5c
Unapplied parent: 68848f7e3a2647c1b8d4c25416df368c5f57dd33

New changelog entries:
  * New upstream release
    - Refreshed the patches

debian/sid 2017-05-24 22:21:21 UTC 2017-05-24
Import patches-unapplied version 7.0.78-1 to debian/sid

Author: Emmanuel Bourg
Author Date: 2017-05-24 16:03:19 UTC

Import patches-unapplied version 7.0.78-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b6d5ed1d8be8b1962a4a97104df1a1e02352ea36

New changelog entries:
  * New upstream release
    - Refreshed the patches

ubuntu/artful 2017-05-24 22:21:21 UTC 2017-05-24
Import patches-unapplied version 7.0.78-1 to debian/sid

Author: Emmanuel Bourg
Author Date: 2017-05-24 16:03:19 UTC

Import patches-unapplied version 7.0.78-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b6d5ed1d8be8b1962a4a97104df1a1e02352ea36

New changelog entries:
  * New upstream release
    - Refreshed the patches

ubuntu/artful-devel 2017-05-24 22:21:21 UTC 2017-05-24
Import patches-unapplied version 7.0.78-1 to debian/sid

Author: Emmanuel Bourg
Author Date: 2017-05-24 16:03:19 UTC

Import patches-unapplied version 7.0.78-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b6d5ed1d8be8b1962a4a97104df1a1e02352ea36

New changelog entries:
  * New upstream release
    - Refreshed the patches

ubuntu/artful-proposed 2017-05-24 22:21:21 UTC 2017-05-24
Import patches-unapplied version 7.0.78-1 to debian/sid

Author: Emmanuel Bourg
Author Date: 2017-05-24 16:03:19 UTC

Import patches-unapplied version 7.0.78-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b6d5ed1d8be8b1962a4a97104df1a1e02352ea36

New changelog entries:
  * New upstream release
    - Refreshed the patches

ubuntu/bionic 2017-05-24 22:21:21 UTC 2017-05-24
Import patches-unapplied version 7.0.78-1 to debian/sid

Author: Emmanuel Bourg
Author Date: 2017-05-24 16:03:19 UTC

Import patches-unapplied version 7.0.78-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b6d5ed1d8be8b1962a4a97104df1a1e02352ea36

New changelog entries:
  * New upstream release
    - Refreshed the patches

ubuntu/cosmic 2017-05-24 22:21:21 UTC 2017-05-24
Import patches-unapplied version 7.0.78-1 to debian/sid

Author: Emmanuel Bourg
Author Date: 2017-05-24 16:03:19 UTC

Import patches-unapplied version 7.0.78-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b6d5ed1d8be8b1962a4a97104df1a1e02352ea36

New changelog entries:
  * New upstream release
    - Refreshed the patches

ubuntu/cosmic-devel 2017-05-24 22:21:21 UTC 2017-05-24
Import patches-unapplied version 7.0.78-1 to debian/sid

Author: Emmanuel Bourg
Author Date: 2017-05-24 16:03:19 UTC

Import patches-unapplied version 7.0.78-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b6d5ed1d8be8b1962a4a97104df1a1e02352ea36

New changelog entries:
  * New upstream release
    - Refreshed the patches

ubuntu/devel 2017-05-24 22:21:21 UTC 2017-05-24
Import patches-unapplied version 7.0.78-1 to debian/sid

Author: Emmanuel Bourg
Author Date: 2017-05-24 16:03:19 UTC

Import patches-unapplied version 7.0.78-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b6d5ed1d8be8b1962a4a97104df1a1e02352ea36

New changelog entries:
  * New upstream release
    - Refreshed the patches

ubuntu/disco 2017-05-24 22:21:21 UTC 2017-05-24
Import patches-unapplied version 7.0.78-1 to debian/sid

Author: Emmanuel Bourg
Author Date: 2017-05-24 16:03:19 UTC

Import patches-unapplied version 7.0.78-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b6d5ed1d8be8b1962a4a97104df1a1e02352ea36

New changelog entries:
  * New upstream release
    - Refreshed the patches

ubuntu/disco-devel 2017-05-24 22:21:21 UTC 2017-05-24
Import patches-unapplied version 7.0.78-1 to debian/sid

Author: Emmanuel Bourg
Author Date: 2017-05-24 16:03:19 UTC

Import patches-unapplied version 7.0.78-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b6d5ed1d8be8b1962a4a97104df1a1e02352ea36

New changelog entries:
  * New upstream release
    - Refreshed the patches

ubuntu/trusty-proposed 2017-04-05 18:33:28 UTC 2017-04-05
Import patches-unapplied version 7.0.52-1ubuntu0.11 to ubuntu/trusty-proposed

Author: Joshua Powers
Author Date: 2017-03-22 19:42:56 UTC

Import patches-unapplied version 7.0.52-1ubuntu0.11 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: ed7398c51db52f7787702668742abb19108df7b2

New changelog entries:
  * Fix an upgrade error when JAVA_OPTS in /etc/default/tomcat7 contains
    the '%' character (LP: #1666570).
  * Fix javax.servlet.jsp POM to use servlet-api version 3.0 instead of
    2.2 (LP: #1664179).

ubuntu/yakkety-devel 2017-04-05 18:18:20 UTC 2017-04-05
Import patches-unapplied version 7.0.72-1ubuntu0.1 to ubuntu/yakkety-proposed

Author: Joshua Powers
Author Date: 2017-03-28 23:04:14 UTC

Import patches-unapplied version 7.0.72-1ubuntu0.1 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: f248f52e8b06fcb04280c070aeef5bce4bb459c0

New changelog entries:
  * Fix an upgrade error when JAVA_OPTS in /etc/default/tomcat7 contains
    the '%' character (LP: #1666570).
  * Fix javax.servlet.jsp POM to use servlet-api version 3.0 instead of
    2.2 (LP: #1664179).

ubuntu/yakkety-proposed 2017-04-05 18:18:20 UTC 2017-04-05
Import patches-unapplied version 7.0.72-1ubuntu0.1 to ubuntu/yakkety-proposed

Author: Joshua Powers
Author Date: 2017-03-28 23:04:14 UTC

Import patches-unapplied version 7.0.72-1ubuntu0.1 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: f248f52e8b06fcb04280c070aeef5bce4bb459c0

New changelog entries:
  * Fix an upgrade error when JAVA_OPTS in /etc/default/tomcat7 contains
    the '%' character (LP: #1666570).
  * Fix javax.servlet.jsp POM to use servlet-api version 3.0 instead of
    2.2 (LP: #1664179).

ubuntu/xenial-proposed 2017-04-05 18:18:20 UTC 2017-04-05
Import patches-unapplied version 7.0.68-1ubuntu0.2 to ubuntu/xenial-proposed

Author: Joshua Powers
Author Date: 2017-03-28 23:15:05 UTC

Import patches-unapplied version 7.0.68-1ubuntu0.2 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 3a78f99989f10ff005f630c8e69d393de9c86376

New changelog entries:
  * Fix an upgrade error when JAVA_OPTS in /etc/default/tomcat7 contains
    the '%' character (LP: #1666570).
  * Fix javax.servlet.jsp POM to use servlet-api version 3.0 instead of
    2.2 (LP: #1664179).

ubuntu/zesty-devel 2017-01-25 16:26:03 UTC 2017-01-25
Import patches-unapplied version 7.0.75-1 to debian/sid

Author: Emmanuel Bourg
Author Date: 2017-01-24 12:13:38 UTC

Import patches-unapplied version 7.0.75-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 4b4750638f5262d5c577d57a376da6e533f0a6a0

New changelog entries:
  * New upstream release
    - Refreshed the patches

debian/stretch 2017-01-25 16:26:03 UTC 2017-01-25
Import patches-unapplied version 7.0.75-1 to debian/sid

Author: Emmanuel Bourg
Author Date: 2017-01-24 12:13:38 UTC

Import patches-unapplied version 7.0.75-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 4b4750638f5262d5c577d57a376da6e533f0a6a0

New changelog entries:
  * New upstream release
    - Refreshed the patches

ubuntu/zesty-proposed 2017-01-25 16:26:03 UTC 2017-01-25
Import patches-unapplied version 7.0.75-1 to debian/sid

Author: Emmanuel Bourg
Author Date: 2017-01-24 12:13:38 UTC

Import patches-unapplied version 7.0.75-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 4b4750638f5262d5c577d57a376da6e533f0a6a0

New changelog entries:
  * New upstream release
    - Refreshed the patches

ubuntu/zesty 2017-01-25 16:26:03 UTC 2017-01-25
Import patches-unapplied version 7.0.75-1 to debian/sid

Author: Emmanuel Bourg
Author Date: 2017-01-24 12:13:38 UTC

Import patches-unapplied version 7.0.75-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 4b4750638f5262d5c577d57a376da6e533f0a6a0

New changelog entries:
  * New upstream release
    - Refreshed the patches

applied/debian/stretch 2017-01-25 16:26:03 UTC 2017-01-25
Import patches-applied version 7.0.75-1 to applied/debian/sid

Author: Emmanuel Bourg
Author Date: 2017-01-24 12:13:38 UTC

Import patches-applied version 7.0.75-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 718f2029e3897d42740ae19078ea40558fafacb9
Unapplied parent: bc5aa05bbea2ccf70aa250f78c86dae93f094f32

New changelog entries:
  * New upstream release
    - Refreshed the patches

ubuntu/yakkety 2016-09-20 22:25:09 UTC 2016-09-20
Import patches-unapplied version 7.0.72-1 to debian/sid

Author: Emmanuel Bourg
Author Date: 2016-09-20 11:28:54 UTC

Import patches-unapplied version 7.0.72-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 21122f405c5df9d34cf941f6bb05466da37c5d12

New changelog entries:
  * New upstream release

ubuntu/wily-updates 2016-07-05 17:14:00 UTC 2016-07-05
Import patches-unapplied version 7.0.64-1ubuntu0.3 to ubuntu/wily-security

Author: Marc Deslauriers
Author Date: 2016-06-29 12:48:32 UTC

Import patches-unapplied version 7.0.64-1ubuntu0.3 to ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: abaeef61301502f35d53e0c8c28f494d0ccea8d8

New changelog entries:
  * SECURITY UPDATE: directory traversal vulnerability in RequestUtil.java
    - debian/patches/CVE-2015-5174.patch: fix more normalization edge cases
      in java/org/apache/tomcat/util/http/RequestUtil.java,
      test/org/apache/tomcat/util/http/TestRequestUtil.java.
    - CVE-2015-5174
  * SECURITY UPDATE: information disclosure via redirects by mapper
    - debian/patches/CVE-2015-5345.patch: fix redirect logic in
      java/org/apache/catalina/Context.java,
      java/org/apache/catalina/authenticator/FormAuthenticator.java,
      java/org/apache/catalina/core/StandardContext.java,
      java/org/apache/catalina/core/mbeans-descriptors.xml,
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/catalina/servlets/WebdavServlet.java,
      java/org/apache/catalina/startup/FailedContext.java,
      java/org/apache/tomcat/util/http/mapper/Mapper.java,
      test/org/apache/catalina/startup/TomcatBaseTest.java,
      webapps/docs/config/context.xml,
      test/org/apache/catalina/core/TesterContext.java,
      test/org/apache/tomcat/util/http/mapper/TestMapperWebapps.java.
    - CVE-2015-5345
  * SECURITY UPDATE: session fixation vulnerability
    - debian/patches/CVE-2015-5346.patch: handle different session settings
      in java/org/apache/catalina/connector/CoyoteAdapter.java,
      java/org/apache/catalina/connector/Request.java.
    - CVE-2015-5346
  * SECURITY UPDATE: CSRF protection mechanism bypass
    - debian/patches/CVE-2015-5351.patch: don't create sessions
      unnecessarily in webapps/host-manager/WEB-INF/jsp/401.jsp,
      webapps/host-manager/WEB-INF/jsp/403.jsp,
      webapps/host-manager/WEB-INF/jsp/404.jsp,
      webapps/host-manager/index.jsp,
      webapps/manager/WEB-INF/web.xml,
      webapps/manager/index.jsp.
    - CVE-2015-5351
  * SECURITY UPDATE: securityManager restrictions bypass via
    StatusManagerServlet
    - debian/patches/CVE-2016-0706.patch: place servlet in restricted list
      in java/org/apache/catalina/core/RestrictedServlets.properties.
    - CVE-2016-0706
  * SECURITY UPDATE: securityManager restrictions bypass via
    session-persistence implementation
    - debian/patches/CVE-2016-0714.patch: extend the session attribute
      filtering options in
      java/org/apache/catalina/ha/session/ClusterManagerBase.java
      java/org/apache/catalina/ha/session/mbeans-descriptors.xml,
      java/org/apache/catalina/session/LocalStrings.properties,
      java/org/apache/catalina/session/ManagerBase.java,
      java/org/apache/catalina/session/StandardManager.java,
      java/org/apache/catalina/session/mbeans-descriptors.xml,
      java/org/apache/catalina/util/CustomObjectInputStream.java,
      java/org/apache/catalina/util/LocalStrings.properties,
      webapps/docs/config/cluster-manager.xml,
      webapps/docs/config/manager.xml.
    - CVE-2016-0714
  * SECURITY UPDATE: securityManager restrictions bypass via crafted global
    context
    - debian/patches/CVE-2016-0763.patch: protect initialization in
      java/org/apache/naming/factory/ResourceLinkFactory.java.
    - CVE-2016-0763
  * SECURITY UPDATE: denial of service in FileUpload
    - debian/patches/CVE-2016-3092.patch: properly handle size in
      java/org/apache/tomcat/util/http/fileupload/MultipartStream.java.
    - CVE-2016-3092
  * debian/patches/fix_cookie_names_in_tests.patch: fix FTBFS by removing
    colons in cookie names which is illegal in newer java versions in
    test/org/apache/catalina/authenticator/*.java.

ubuntu/wily-devel 2016-07-05 17:14:00 UTC 2016-07-05
Import patches-unapplied version 7.0.64-1ubuntu0.3 to ubuntu/wily-security

Author: Marc Deslauriers
Author Date: 2016-06-29 12:48:32 UTC

Import patches-unapplied version 7.0.64-1ubuntu0.3 to ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: abaeef61301502f35d53e0c8c28f494d0ccea8d8

New changelog entries:
  * SECURITY UPDATE: directory traversal vulnerability in RequestUtil.java
    - debian/patches/CVE-2015-5174.patch: fix more normalization edge cases
      in java/org/apache/tomcat/util/http/RequestUtil.java,
      test/org/apache/tomcat/util/http/TestRequestUtil.java.
    - CVE-2015-5174
  * SECURITY UPDATE: information disclosure via redirects by mapper
    - debian/patches/CVE-2015-5345.patch: fix redirect logic in
      java/org/apache/catalina/Context.java,
      java/org/apache/catalina/authenticator/FormAuthenticator.java,
      java/org/apache/catalina/core/StandardContext.java,
      java/org/apache/catalina/core/mbeans-descriptors.xml,
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/catalina/servlets/WebdavServlet.java,
      java/org/apache/catalina/startup/FailedContext.java,
      java/org/apache/tomcat/util/http/mapper/Mapper.java,
      test/org/apache/catalina/startup/TomcatBaseTest.java,
      webapps/docs/config/context.xml,
      test/org/apache/catalina/core/TesterContext.java,
      test/org/apache/tomcat/util/http/mapper/TestMapperWebapps.java.
    - CVE-2015-5345
  * SECURITY UPDATE: session fixation vulnerability
    - debian/patches/CVE-2015-5346.patch: handle different session settings
      in java/org/apache/catalina/connector/CoyoteAdapter.java,
      java/org/apache/catalina/connector/Request.java.
    - CVE-2015-5346
  * SECURITY UPDATE: CSRF protection mechanism bypass
    - debian/patches/CVE-2015-5351.patch: don't create sessions
      unnecessarily in webapps/host-manager/WEB-INF/jsp/401.jsp,
      webapps/host-manager/WEB-INF/jsp/403.jsp,
      webapps/host-manager/WEB-INF/jsp/404.jsp,
      webapps/host-manager/index.jsp,
      webapps/manager/WEB-INF/web.xml,
      webapps/manager/index.jsp.
    - CVE-2015-5351
  * SECURITY UPDATE: securityManager restrictions bypass via
    StatusManagerServlet
    - debian/patches/CVE-2016-0706.patch: place servlet in restricted list
      in java/org/apache/catalina/core/RestrictedServlets.properties.
    - CVE-2016-0706
  * SECURITY UPDATE: securityManager restrictions bypass via
    session-persistence implementation
    - debian/patches/CVE-2016-0714.patch: extend the session attribute
      filtering options in
      java/org/apache/catalina/ha/session/ClusterManagerBase.java
      java/org/apache/catalina/ha/session/mbeans-descriptors.xml,
      java/org/apache/catalina/session/LocalStrings.properties,
      java/org/apache/catalina/session/ManagerBase.java,
      java/org/apache/catalina/session/StandardManager.java,
      java/org/apache/catalina/session/mbeans-descriptors.xml,
      java/org/apache/catalina/util/CustomObjectInputStream.java,
      java/org/apache/catalina/util/LocalStrings.properties,
      webapps/docs/config/cluster-manager.xml,
      webapps/docs/config/manager.xml.
    - CVE-2016-0714
  * SECURITY UPDATE: securityManager restrictions bypass via crafted global
    context
    - debian/patches/CVE-2016-0763.patch: protect initialization in
      java/org/apache/naming/factory/ResourceLinkFactory.java.
    - CVE-2016-0763
  * SECURITY UPDATE: denial of service in FileUpload
    - debian/patches/CVE-2016-3092.patch: properly handle size in
      java/org/apache/tomcat/util/http/fileupload/MultipartStream.java.
    - CVE-2016-3092
  * debian/patches/fix_cookie_names_in_tests.patch: fix FTBFS by removing
    colons in cookie names which is illegal in newer java versions in
    test/org/apache/catalina/authenticator/*.java.

ubuntu/wily-security 2016-07-05 17:14:00 UTC 2016-07-05
Import patches-unapplied version 7.0.64-1ubuntu0.3 to ubuntu/wily-security

Author: Marc Deslauriers
Author Date: 2016-06-29 12:48:32 UTC

Import patches-unapplied version 7.0.64-1ubuntu0.3 to ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: abaeef61301502f35d53e0c8c28f494d0ccea8d8

New changelog entries:
  * SECURITY UPDATE: directory traversal vulnerability in RequestUtil.java
    - debian/patches/CVE-2015-5174.patch: fix more normalization edge cases
      in java/org/apache/tomcat/util/http/RequestUtil.java,
      test/org/apache/tomcat/util/http/TestRequestUtil.java.
    - CVE-2015-5174
  * SECURITY UPDATE: information disclosure via redirects by mapper
    - debian/patches/CVE-2015-5345.patch: fix redirect logic in
      java/org/apache/catalina/Context.java,
      java/org/apache/catalina/authenticator/FormAuthenticator.java,
      java/org/apache/catalina/core/StandardContext.java,
      java/org/apache/catalina/core/mbeans-descriptors.xml,
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/catalina/servlets/WebdavServlet.java,
      java/org/apache/catalina/startup/FailedContext.java,
      java/org/apache/tomcat/util/http/mapper/Mapper.java,
      test/org/apache/catalina/startup/TomcatBaseTest.java,
      webapps/docs/config/context.xml,
      test/org/apache/catalina/core/TesterContext.java,
      test/org/apache/tomcat/util/http/mapper/TestMapperWebapps.java.
    - CVE-2015-5345
  * SECURITY UPDATE: session fixation vulnerability
    - debian/patches/CVE-2015-5346.patch: handle different session settings
      in java/org/apache/catalina/connector/CoyoteAdapter.java,
      java/org/apache/catalina/connector/Request.java.
    - CVE-2015-5346
  * SECURITY UPDATE: CSRF protection mechanism bypass
    - debian/patches/CVE-2015-5351.patch: don't create sessions
      unnecessarily in webapps/host-manager/WEB-INF/jsp/401.jsp,
      webapps/host-manager/WEB-INF/jsp/403.jsp,
      webapps/host-manager/WEB-INF/jsp/404.jsp,
      webapps/host-manager/index.jsp,
      webapps/manager/WEB-INF/web.xml,
      webapps/manager/index.jsp.
    - CVE-2015-5351
  * SECURITY UPDATE: securityManager restrictions bypass via
    StatusManagerServlet
    - debian/patches/CVE-2016-0706.patch: place servlet in restricted list
      in java/org/apache/catalina/core/RestrictedServlets.properties.
    - CVE-2016-0706
  * SECURITY UPDATE: securityManager restrictions bypass via
    session-persistence implementation
    - debian/patches/CVE-2016-0714.patch: extend the session attribute
      filtering options in
      java/org/apache/catalina/ha/session/ClusterManagerBase.java
      java/org/apache/catalina/ha/session/mbeans-descriptors.xml,
      java/org/apache/catalina/session/LocalStrings.properties,
      java/org/apache/catalina/session/ManagerBase.java,
      java/org/apache/catalina/session/StandardManager.java,
      java/org/apache/catalina/session/mbeans-descriptors.xml,
      java/org/apache/catalina/util/CustomObjectInputStream.java,
      java/org/apache/catalina/util/LocalStrings.properties,
      webapps/docs/config/cluster-manager.xml,
      webapps/docs/config/manager.xml.
    - CVE-2016-0714
  * SECURITY UPDATE: securityManager restrictions bypass via crafted global
    context
    - debian/patches/CVE-2016-0763.patch: protect initialization in
      java/org/apache/naming/factory/ResourceLinkFactory.java.
    - CVE-2016-0763
  * SECURITY UPDATE: denial of service in FileUpload
    - debian/patches/CVE-2016-3092.patch: properly handle size in
      java/org/apache/tomcat/util/http/fileupload/MultipartStream.java.
    - CVE-2016-3092
  * debian/patches/fix_cookie_names_in_tests.patch: fix FTBFS by removing
    colons in cookie names which is illegal in newer java versions in
    test/org/apache/catalina/authenticator/*.java.

debian/wheezy 2016-06-05 05:42:17 UTC 2016-06-05
Import patches-unapplied version 7.0.28-4+deb7u4 to debian/wheezy

Author: Markus Koschany
Author Date: 2016-04-16 11:07:43 UTC

Import patches-unapplied version 7.0.28-4+deb7u4 to debian/wheezy

Imported using git-ubuntu import.

Changelog parent: 4a3b462b0197859ee25acf601a90bdb00e054f16

New changelog entries:
  * Fix CVE-2014-0096:
    java/org/apache/catalina/servlets/DefaultServlet.java in the default
    servlet in Apache Tomcat does not properly restrict XSLT stylesheets, which
    allows remote attackers to bypass security-manager restrictions and read
    arbitrary files via a crafted web application that provides an XML external
    entity declaration in conjunction with an entity reference, related to an
    XML External Entity (XXE) issue.
  * Fix CVE-2014-0119:
    It was found that in limited circumstances it was possible for a malicious
    web application to replace the XML parsers used by Tomcat to process XSLTs
    for the default servlet, JSP documents, tag library descriptors (TLDs) and
    tag plugin configuration files. The injected XML parser(s) could then
    bypass the limits imposed on XML external entities and/or have visibility
    of the XML files processed for other web applications deployed on the same
    Tomcat instance.
  * Fix CVE-2015-5174:
    Directory traversal vulnerability in RequestUtil.java allows remote
    authenticated users to bypass intended SecurityManager restrictions and
    list a parent directory via a /.. (slash dot dot) in a pathname used by a
    web application in a getResource, getResourceAsStream, or getResourcePaths
    call, as demonstrated by the $CATALINA_BASE/webapps directory.
  * Fix CVE-2015-5345:
    The Mapper component in Apache Tomcat processes redirects before
    considering security constraints and Filters, which allows remote attackers
    to determine the existence of a directory via a URL that lacks a trailing /
    (slash) character.
  * Fix CVE-2015-5346:
    Session fixation vulnerability in Apache Tomcat when different session
    settings are used for deployments of multiple versions of the same web
    application, might allow remote attackers to hijack web sessions by
    leveraging use of a requestedSessionSSL field for an unintended request,
    related to CoyoteAdapter.java and Request.java.
  * Fix CVE-2015-5351:
    The Manager and Host Manager applications in Apache Tomcat establish
    sessions and send CSRF tokens for arbitrary new requests, which allows
    remote attackers to bypass a CSRF protection mechanism by using a token.
  * Fix CVE-2016-0706:
    Apache Tomcat does not place
    org.apache.catalina.manager.StatusManagerServlet on the
    org/apache/catalina/core/RestrictedServlets.properties list, which allows
    remote authenticated users to bypass intended SecurityManager restrictions
    and read arbitrary HTTP requests, and consequently discover session ID
    values, via a crafted web application.
  * Fix CVE-2016-0714:
    The session-persistence implementation in Apache Tomcat mishandles session
    attributes, which allows remote authenticated users to bypass intended
    SecurityManager restrictions and execute arbitrary code in a privileged
    context via a web application that places a crafted object in a session.
  * Fix CVE-2016-0763:
    The setGlobalContext method in
    org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat does
    not consider whether ResourceLinkFactory.setGlobalContext callers are
    authorized, which allows remote authenticated users to bypass intended
    SecurityManager restrictions and read or write to arbitrary application
    data, or cause a denial of service (application disruption), via a web
    application that sets a crafted global context.

applied/debian/wheezy 2016-06-05 05:42:17 UTC 2016-06-05
Import patches-applied version 7.0.28-4+deb7u4 to applied/debian/wheezy

Author: Markus Koschany
Author Date: 2016-04-16 11:07:43 UTC

Import patches-applied version 7.0.28-4+deb7u4 to applied/debian/wheezy

Imported using git-ubuntu import.

Changelog parent: e5dd3da09a8adec53d1072fc9ba3c0207d641d96
Unapplied parent: 94c75717e1abb28595553db6c750f15c2ca90304

New changelog entries:
  * Fix CVE-2014-0096:
    java/org/apache/catalina/servlets/DefaultServlet.java in the default
    servlet in Apache Tomcat does not properly restrict XSLT stylesheets, which
    allows remote attackers to bypass security-manager restrictions and read
    arbitrary files via a crafted web application that provides an XML external
    entity declaration in conjunction with an entity reference, related to an
    XML External Entity (XXE) issue.
  * Fix CVE-2014-0119:
    It was found that in limited circumstances it was possible for a malicious
    web application to replace the XML parsers used by Tomcat to process XSLTs
    for the default servlet, JSP documents, tag library descriptors (TLDs) and
    tag plugin configuration files. The injected XML parser(s) could then
    bypass the limits imposed on XML external entities and/or have visibility
    of the XML files processed for other web applications deployed on the same
    Tomcat instance.
  * Fix CVE-2015-5174:
    Directory traversal vulnerability in RequestUtil.java allows remote
    authenticated users to bypass intended SecurityManager restrictions and
    list a parent directory via a /.. (slash dot dot) in a pathname used by a
    web application in a getResource, getResourceAsStream, or getResourcePaths
    call, as demonstrated by the $CATALINA_BASE/webapps directory.
  * Fix CVE-2015-5345:
    The Mapper component in Apache Tomcat processes redirects before
    considering security constraints and Filters, which allows remote attackers
    to determine the existence of a directory via a URL that lacks a trailing /
    (slash) character.
  * Fix CVE-2015-5346:
    Session fixation vulnerability in Apache Tomcat when different session
    settings are used for deployments of multiple versions of the same web
    application, might allow remote attackers to hijack web sessions by
    leveraging use of a requestedSessionSSL field for an unintended request,
    related to CoyoteAdapter.java and Request.java.
  * Fix CVE-2015-5351:
    The Manager and Host Manager applications in Apache Tomcat establish
    sessions and send CSRF tokens for arbitrary new requests, which allows
    remote attackers to bypass a CSRF protection mechanism by using a token.
  * Fix CVE-2016-0706:
    Apache Tomcat does not place
    org.apache.catalina.manager.StatusManagerServlet on the
    org/apache/catalina/core/RestrictedServlets.properties list, which allows
    remote authenticated users to bypass intended SecurityManager restrictions
    and read arbitrary HTTP requests, and consequently discover session ID
    values, via a crafted web application.
  * Fix CVE-2016-0714:
    The session-persistence implementation in Apache Tomcat mishandles session
    attributes, which allows remote authenticated users to bypass intended
    SecurityManager restrictions and execute arbitrary code in a privileged
    context via a web application that places a crafted object in a session.
  * Fix CVE-2016-0763:
    The setGlobalContext method in
    org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat does
    not consider whether ResourceLinkFactory.setGlobalContext callers are
    authorized, which allows remote authenticated users to bypass intended
    SecurityManager restrictions and read or write to arbitrary application
    data, or cause a denial of service (application disruption), via a web
    application that sets a crafted global context.

ubuntu/xenial 2016-02-19 04:22:20 UTC 2016-02-19
Import patches-unapplied version 7.0.68-1 to debian/sid

Author: Emmanuel Bourg
Author Date: 2016-02-18 21:26:43 UTC

Import patches-unapplied version 7.0.68-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: abaeef61301502f35d53e0c8c28f494d0ccea8d8

New changelog entries:
  * Team upload.
  * New upstream release (Closes: #814640)
    - Refreshed the patches
    - New build dependencies on easymock, cglib and objenesis
    - Added ASM to the test classpath (required by Easymock)
  * Use LC_ALL instead of LANG to format the date and make the documentation
    reproducible on the builders
  * Standards-Version updated to 3.9.7 (no changes)
  * Use secure Vcs-* URLs

ubuntu/wily-proposed 2015-08-28 16:22:36 UTC 2015-08-28
Import patches-unapplied version 7.0.64-1 to debian/sid

Author: Emmanuel Bourg
Author Date: 2015-08-28 07:47:33 UTC

Import patches-unapplied version 7.0.64-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 72d173f9bcd5de93812daaeacbd25f350d279766

New changelog entries:
  * Team upload.
  * New upstream release
    - Refreshed the patches
  * Install the missing WebSocket jars in /usr/share/tomcat7/lib/
    (Closes: #787220, LP: #1326687)
  * Changed the authbind configuration to allow IPv6 connections (LP: #1443041)
  * Fixed an upgrade error when /etc/tomcat7/tomcat-users.xml is removed
    (LP: #1010791)
  * Fixed a minor HTML error in the default index.html file (LP: #1236132)

ubuntu/wily 2015-08-28 16:22:36 UTC 2015-08-28
Import patches-unapplied version 7.0.64-1 to debian/sid

Author: Emmanuel Bourg
Author Date: 2015-08-28 07:47:33 UTC

Import patches-unapplied version 7.0.64-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 72d173f9bcd5de93812daaeacbd25f350d279766

New changelog entries:
  * Team upload.
  * New upstream release
    - Refreshed the patches
  * Install the missing WebSocket jars in /usr/share/tomcat7/lib/
    (Closes: #787220, LP: #1326687)
  * Changed the authbind configuration to allow IPv6 connections (LP: #1443041)
  * Fixed an upgrade error when /etc/tomcat7/tomcat-users.xml is removed
    (LP: #1010791)
  * Fixed a minor HTML error in the default index.html file (LP: #1236132)

ubuntu/vivid-updates 2015-06-25 12:18:43 UTC 2015-06-25
Import patches-unapplied version 7.0.56-2ubuntu0.1 to ubuntu/vivid-security

Author: Marc Deslauriers
Author Date: 2015-06-19 13:47:50 UTC

Import patches-unapplied version 7.0.56-2ubuntu0.1 to ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: 2a0977a25cb1f0e58a64ae63aef6acf31f4d5faf

New changelog entries:
  * SECURITY UPDATE: SecurityManager bypass via Expression Language
    - debian/patches/CVE-2014-7810.patch: handle classes that may not be
      accessible but have accessible interfaces in
      java/javax/el/BeanELResolver.java, remove unnecessary code in
      java/org/apache/jasper/runtime/PageContextImpl.java,
      java/org/apache/jasper/security/SecurityClassLoad.java.
    - CVE-2014-7810

ubuntu/utopic-updates 2015-06-25 12:18:43 UTC 2015-06-25
Import patches-unapplied version 7.0.55-1ubuntu0.2 to ubuntu/utopic-security

Author: Marc Deslauriers
Author Date: 2015-06-19 13:52:59 UTC

Import patches-unapplied version 7.0.55-1ubuntu0.2 to ubuntu/utopic-security

Imported using git-ubuntu import.

Changelog parent: 499c912e547b51aedd2e7b5a1ff3cf17a2b5a877

New changelog entries:
  * SECURITY UPDATE: SecurityManager bypass via Expression Language
    - debian/patches/CVE-2014-7810.patch: handle classes that may not be
      accessible but have accessible interfaces in
      java/javax/el/BeanELResolver.java, remove unnecessary code in
      java/org/apache/jasper/runtime/PageContextImpl.java,
      java/org/apache/jasper/security/SecurityClassLoad.java.
    - CVE-2014-7810
  * Replace expired ssl certs and use TLS to fix tests causing FTBFS:
    - debian/patches/0022-use-tls-in-ssl-unit-tests.patch
    - debian/patches/0023-replace-expired-ssl-certificates.patch
    - debian/source/include-binaries

ubuntu/vivid-security 2015-06-25 12:18:43 UTC 2015-06-25
Import patches-unapplied version 7.0.56-2ubuntu0.1 to ubuntu/vivid-security

Author: Marc Deslauriers
Author Date: 2015-06-19 13:47:50 UTC

Import patches-unapplied version 7.0.56-2ubuntu0.1 to ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: 2a0977a25cb1f0e58a64ae63aef6acf31f4d5faf

New changelog entries:
  * SECURITY UPDATE: SecurityManager bypass via Expression Language
    - debian/patches/CVE-2014-7810.patch: handle classes that may not be
      accessible but have accessible interfaces in
      java/javax/el/BeanELResolver.java, remove unnecessary code in
      java/org/apache/jasper/runtime/PageContextImpl.java,
      java/org/apache/jasper/security/SecurityClassLoad.java.
    - CVE-2014-7810

ubuntu/utopic-devel 2015-06-25 12:18:43 UTC 2015-06-25
Import patches-unapplied version 7.0.55-1ubuntu0.2 to ubuntu/utopic-security

Author: Marc Deslauriers
Author Date: 2015-06-19 13:52:59 UTC

Import patches-unapplied version 7.0.55-1ubuntu0.2 to ubuntu/utopic-security

Imported using git-ubuntu import.

Changelog parent: 499c912e547b51aedd2e7b5a1ff3cf17a2b5a877

New changelog entries:
  * SECURITY UPDATE: SecurityManager bypass via Expression Language
    - debian/patches/CVE-2014-7810.patch: handle classes that may not be
      accessible but have accessible interfaces in
      java/javax/el/BeanELResolver.java, remove unnecessary code in
      java/org/apache/jasper/runtime/PageContextImpl.java,
      java/org/apache/jasper/security/SecurityClassLoad.java.
    - CVE-2014-7810
  * Replace expired ssl certs and use TLS to fix tests causing FTBFS:
    - debian/patches/0022-use-tls-in-ssl-unit-tests.patch
    - debian/patches/0023-replace-expired-ssl-certificates.patch
    - debian/source/include-binaries

ubuntu/utopic-security 2015-06-25 12:18:43 UTC 2015-06-25
Import patches-unapplied version 7.0.55-1ubuntu0.2 to ubuntu/utopic-security

Author: Marc Deslauriers
Author Date: 2015-06-19 13:52:59 UTC

Import patches-unapplied version 7.0.55-1ubuntu0.2 to ubuntu/utopic-security

Imported using git-ubuntu import.

Changelog parent: 499c912e547b51aedd2e7b5a1ff3cf17a2b5a877

New changelog entries:
  * SECURITY UPDATE: SecurityManager bypass via Expression Language
    - debian/patches/CVE-2014-7810.patch: handle classes that may not be
      accessible but have accessible interfaces in
      java/javax/el/BeanELResolver.java, remove unnecessary code in
      java/org/apache/jasper/runtime/PageContextImpl.java,
      java/org/apache/jasper/security/SecurityClassLoad.java.
    - CVE-2014-7810
  * Replace expired ssl certs and use TLS to fix tests causing FTBFS:
    - debian/patches/0022-use-tls-in-ssl-unit-tests.patch
    - debian/patches/0023-replace-expired-ssl-certificates.patch
    - debian/source/include-binaries

ubuntu/vivid-devel 2015-06-25 12:18:43 UTC 2015-06-25
Import patches-unapplied version 7.0.56-2ubuntu0.1 to ubuntu/vivid-security

Author: Marc Deslauriers
Author Date: 2015-06-19 13:47:50 UTC

Import patches-unapplied version 7.0.56-2ubuntu0.1 to ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: 2a0977a25cb1f0e58a64ae63aef6acf31f4d5faf

New changelog entries:
  * SECURITY UPDATE: SecurityManager bypass via Expression Language
    - debian/patches/CVE-2014-7810.patch: handle classes that may not be
      accessible but have accessible interfaces in
      java/javax/el/BeanELResolver.java, remove unnecessary code in
      java/org/apache/jasper/runtime/PageContextImpl.java,
      java/org/apache/jasper/security/SecurityClassLoad.java.
    - CVE-2014-7810

debian/experimental 2015-03-28 16:10:55 UTC 2015-03-28
Import patches-unapplied version 7.0.59-2 to debian/experimental

Author: Miguel Landaeta
Author Date: 2015-03-28 03:58:12 UTC

Import patches-unapplied version 7.0.59-2 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: b8932b15e84dfa6375d94b98953ebeb6d406aa8a

New changelog entries:
  * Fix FTBFS due to some X509 certificates provided by upstream expired
    and were causing failures in unit tests as well, so they were
    regenerated. (Closes: #780519).
  * Fix FTBFS error by disabling some unit tests that depends on
    having network access.

applied/debian/experimental 2015-03-28 16:10:55 UTC 2015-03-28
Import patches-applied version 7.0.59-2 to applied/debian/experimental

Author: Miguel Landaeta
Author Date: 2015-03-28 03:58:12 UTC

Import patches-applied version 7.0.59-2 to applied/debian/experimental

Imported using git-ubuntu import.

Changelog parent: befdb84913f63984dd3470c5c572a704c979ceed
Unapplied parent: 460813a5c9a50f6d48fa4017216876550be3a16a

New changelog entries:
  * Fix FTBFS due to some X509 certificates provided by upstream expired
    and were causing failures in unit tests as well, so they were
    regenerated. (Closes: #780519).
  * Fix FTBFS error by disabling some unit tests that depends on
    having network access.

ubuntu/vivid 2015-03-26 16:16:53 UTC 2015-03-26
Import patches-unapplied version 7.0.56-2 to debian/sid

Author: Miguel Landaeta
Author Date: 2015-03-26 03:15:03 UTC

Import patches-unapplied version 7.0.56-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: c42e79419e4c7f6a2c9d179f927ffcb1aa745541

New changelog entries:
  * Fix FTBFS error by making sure SSL unit tests use TLS protocols.
    - SSLv3 and previous protocols are not secure and deprecated
      in JDK7.
    - Additionally, some X509 certificates provided by upstream expired
      and were causing failures in unit tests as well, so they were
      regenerated. (Closes: #780519).
  * Fix FTBFS error by disabling some unit tests that depends on
    having network access.

ubuntu/vivid-proposed 2015-03-26 16:16:53 UTC 2015-03-26
Import patches-unapplied version 7.0.56-2 to debian/sid

Author: Miguel Landaeta
Author Date: 2015-03-26 03:15:03 UTC

Import patches-unapplied version 7.0.56-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: c42e79419e4c7f6a2c9d179f927ffcb1aa745541

New changelog entries:
  * Fix FTBFS error by making sure SSL unit tests use TLS protocols.
    - SSLv3 and previous protocols are not secure and deprecated
      in JDK7.
    - Additionally, some X509 certificates provided by upstream expired
      and were causing failures in unit tests as well, so they were
      regenerated. (Closes: #780519).
  * Fix FTBFS error by disabling some unit tests that depends on
    having network access.

ubuntu/utopic-proposed 2014-07-29 22:24:50 UTC 2014-07-29
Import patches-unapplied version 7.0.55-1 to debian/sid

Author: Emmanuel Bourg
Author Date: 2014-07-29 15:25:50 UTC

Import patches-unapplied version 7.0.55-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 822c349bd4c90e5c39fd0858b55490857948b730

New changelog entries:
  * New upstream release
  * Refreshed the patches

ubuntu/utopic 2014-07-29 22:24:50 UTC 2014-07-29
Import patches-unapplied version 7.0.55-1 to debian/sid

Author: Emmanuel Bourg
Author Date: 2014-07-29 15:25:50 UTC

Import patches-unapplied version 7.0.55-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 822c349bd4c90e5c39fd0858b55490857948b730

New changelog entries:
  * New upstream release
  * Refreshed the patches

ubuntu/quantal-security 2014-03-06 13:23:30 UTC 2014-03-06
Import patches-unapplied version 7.0.30-0ubuntu1.3 to ubuntu/quantal-security

Author: Marc Deslauriers
Author Date: 2014-03-04 15:45:20 UTC

Import patches-unapplied version 7.0.30-0ubuntu1.3 to ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: bb19f3cdcfb69e483e0423ebcd779abb68c2e0f5

New changelog entries:
  * SECURITY UPDATE: request smuggling attack via content-length headers
    - debian/patches/CVE-2013-4286.patch: use long as content length in
      java/org/apache/coyote/Request.java, handle multiple content lengths
      in java/org/apache/coyote/ajp/AbstractAjpProcessor.java, handle
      content length and chunked encoding being both specified in
      java/org/apache/coyote/http11/AbstractHttp11Processor.java.
    - CVE-2013-4286
  * SECURITY UPDATE: denial of service via chunked transfer coding
    - debian/patches/CVE-2013-4322.patch: enforce maximum size in
      java/org/apache/coyote/http11/{AbstractHttp11Processor.java,
      AbstractHttp11Protocol.java, Http11AprProcessor.java,
      Http11AprProtocol.java, Http11NioProcessor.java,
      Http11NioProtocol.java, Http11Processor.java, Http11Protocol.java},
      java/org/apache/coyote/http11/filters/ChunkedInputFilter.java,
      test/org/apache/coyote/http11/filters/TestChunkedInputFilter.java,
      webapps/docs/config/http.xml.
    - CVE-2013-4322
  * SECURITY UPDATE: denial of service via malformed content-type header
    - debian/patches/CVE-2014-0050.patch: validate sizes in
      java/org/apache/tomcat/util/http/fileupload/FileUploadBase.java,
      java/org/apache/tomcat/util/http/fileupload/MultipartStream.java.
    - CVE-2014-0050
  * d/p/0018-update-test-certificates.patch: remove binary parts to
    support newer quilt.

ubuntu/saucy-updates 2014-03-06 13:23:30 UTC 2014-03-06
Import patches-unapplied version 7.0.42-1ubuntu0.1 to ubuntu/saucy-security

Author: Marc Deslauriers
Author Date: 2014-03-04 15:22:07 UTC

Import patches-unapplied version 7.0.42-1ubuntu0.1 to ubuntu/saucy-security

Imported using git-ubuntu import.

Changelog parent: f98a19bf398ea850a73fb501d99c91e3f6e4fea3

New changelog entries:
  * SECURITY UPDATE: request smuggling attack via content-length headers
    - debian/patches/CVE-2013-4286.patch: use long as content length in
      java/org/apache/coyote/Request.java, handle multiple content lengths
      in java/org/apache/coyote/ajp/AbstractAjpProcessor.java, handle
      content length and chunked encoding being both specified in
      java/org/apache/coyote/http11/AbstractHttp11Processor.java.
    - CVE-2013-4286
  * SECURITY UPDATE: denial of service via chunked transfer coding
    - debian/patches/CVE-2013-4322.patch: enforce maximum size in
      java/org/apache/coyote/http11/{AbstractHttp11Processor.java,
      AbstractHttp11Protocol.java, Http11AprProcessor.java,
      Http11AprProtocol.java, Http11NioProcessor.java,
      Http11NioProtocol.java, Http11Processor.java, Http11Protocol.java},
      java/org/apache/coyote/http11/filters/ChunkedInputFilter.java,
      test/org/apache/coyote/http11/filters/TestChunkedInputFilter.java,
      webapps/docs/config/http.xml.
    - CVE-2013-4322
  * SECURITY UPDATE: denial of service via malformed content-type header
    - debian/patches/CVE-2014-0050.patch: validate sizes in
      java/org/apache/tomcat/util/http/fileupload/FileUploadBase.java,
      java/org/apache/tomcat/util/http/fileupload/MultipartStream.java.
    - CVE-2014-0050

ubuntu/saucy-devel 2014-03-06 13:23:30 UTC 2014-03-06
Import patches-unapplied version 7.0.42-1ubuntu0.1 to ubuntu/saucy-security

Author: Marc Deslauriers
Author Date: 2014-03-04 15:22:07 UTC

Import patches-unapplied version 7.0.42-1ubuntu0.1 to ubuntu/saucy-security

Imported using git-ubuntu import.

Changelog parent: f98a19bf398ea850a73fb501d99c91e3f6e4fea3

New changelog entries:
  * SECURITY UPDATE: request smuggling attack via content-length headers
    - debian/patches/CVE-2013-4286.patch: use long as content length in
      java/org/apache/coyote/Request.java, handle multiple content lengths
      in java/org/apache/coyote/ajp/AbstractAjpProcessor.java, handle
      content length and chunked encoding being both specified in
      java/org/apache/coyote/http11/AbstractHttp11Processor.java.
    - CVE-2013-4286
  * SECURITY UPDATE: denial of service via chunked transfer coding
    - debian/patches/CVE-2013-4322.patch: enforce maximum size in
      java/org/apache/coyote/http11/{AbstractHttp11Processor.java,
      AbstractHttp11Protocol.java, Http11AprProcessor.java,
      Http11AprProtocol.java, Http11NioProcessor.java,
      Http11NioProtocol.java, Http11Processor.java, Http11Protocol.java},
      java/org/apache/coyote/http11/filters/ChunkedInputFilter.java,
      test/org/apache/coyote/http11/filters/TestChunkedInputFilter.java,
      webapps/docs/config/http.xml.
    - CVE-2013-4322
  * SECURITY UPDATE: denial of service via malformed content-type header
    - debian/patches/CVE-2014-0050.patch: validate sizes in
      java/org/apache/tomcat/util/http/fileupload/FileUploadBase.java,
      java/org/apache/tomcat/util/http/fileupload/MultipartStream.java.
    - CVE-2014-0050

ubuntu/saucy-security 2014-03-06 13:23:30 UTC 2014-03-06
Import patches-unapplied version 7.0.42-1ubuntu0.1 to ubuntu/saucy-security

Author: Marc Deslauriers
Author Date: 2014-03-04 15:22:07 UTC

Import patches-unapplied version 7.0.42-1ubuntu0.1 to ubuntu/saucy-security

Imported using git-ubuntu import.

Changelog parent: f98a19bf398ea850a73fb501d99c91e3f6e4fea3

New changelog entries:
  * SECURITY UPDATE: request smuggling attack via content-length headers
    - debian/patches/CVE-2013-4286.patch: use long as content length in
      java/org/apache/coyote/Request.java, handle multiple content lengths
      in java/org/apache/coyote/ajp/AbstractAjpProcessor.java, handle
      content length and chunked encoding being both specified in
      java/org/apache/coyote/http11/AbstractHttp11Processor.java.
    - CVE-2013-4286
  * SECURITY UPDATE: denial of service via chunked transfer coding
    - debian/patches/CVE-2013-4322.patch: enforce maximum size in
      java/org/apache/coyote/http11/{AbstractHttp11Processor.java,
      AbstractHttp11Protocol.java, Http11AprProcessor.java,
      Http11AprProtocol.java, Http11NioProcessor.java,
      Http11NioProtocol.java, Http11Processor.java, Http11Protocol.java},
      java/org/apache/coyote/http11/filters/ChunkedInputFilter.java,
      test/org/apache/coyote/http11/filters/TestChunkedInputFilter.java,
      webapps/docs/config/http.xml.
    - CVE-2013-4322
  * SECURITY UPDATE: denial of service via malformed content-type header
    - debian/patches/CVE-2014-0050.patch: validate sizes in
      java/org/apache/tomcat/util/http/fileupload/FileUploadBase.java,
      java/org/apache/tomcat/util/http/fileupload/MultipartStream.java.
    - CVE-2014-0050

ubuntu/quantal-devel 2014-03-06 13:23:30 UTC 2014-03-06
Import patches-unapplied version 7.0.30-0ubuntu1.3 to ubuntu/quantal-security

Author: Marc Deslauriers
Author Date: 2014-03-04 15:45:20 UTC

Import patches-unapplied version 7.0.30-0ubuntu1.3 to ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: bb19f3cdcfb69e483e0423ebcd779abb68c2e0f5

New changelog entries:
  * SECURITY UPDATE: request smuggling attack via content-length headers
    - debian/patches/CVE-2013-4286.patch: use long as content length in
      java/org/apache/coyote/Request.java, handle multiple content lengths
      in java/org/apache/coyote/ajp/AbstractAjpProcessor.java, handle
      content length and chunked encoding being both specified in
      java/org/apache/coyote/http11/AbstractHttp11Processor.java.
    - CVE-2013-4286
  * SECURITY UPDATE: denial of service via chunked transfer coding
    - debian/patches/CVE-2013-4322.patch: enforce maximum size in
      java/org/apache/coyote/http11/{AbstractHttp11Processor.java,
      AbstractHttp11Protocol.java, Http11AprProcessor.java,
      Http11AprProtocol.java, Http11NioProcessor.java,
      Http11NioProtocol.java, Http11Processor.java, Http11Protocol.java},
      java/org/apache/coyote/http11/filters/ChunkedInputFilter.java,
      test/org/apache/coyote/http11/filters/TestChunkedInputFilter.java,
      webapps/docs/config/http.xml.
    - CVE-2013-4322
  * SECURITY UPDATE: denial of service via malformed content-type header
    - debian/patches/CVE-2014-0050.patch: validate sizes in
      java/org/apache/tomcat/util/http/fileupload/FileUploadBase.java,
      java/org/apache/tomcat/util/http/fileupload/MultipartStream.java.
    - CVE-2014-0050
  * d/p/0018-update-test-certificates.patch: remove binary parts to
    support newer quilt.

ubuntu/quantal-updates 2014-03-06 13:23:30 UTC 2014-03-06
Import patches-unapplied version 7.0.30-0ubuntu1.3 to ubuntu/quantal-security

Author: Marc Deslauriers
Author Date: 2014-03-04 15:45:20 UTC

Import patches-unapplied version 7.0.30-0ubuntu1.3 to ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: bb19f3cdcfb69e483e0423ebcd779abb68c2e0f5

New changelog entries:
  * SECURITY UPDATE: request smuggling attack via content-length headers
    - debian/patches/CVE-2013-4286.patch: use long as content length in
      java/org/apache/coyote/Request.java, handle multiple content lengths
      in java/org/apache/coyote/ajp/AbstractAjpProcessor.java, handle
      content length and chunked encoding being both specified in
      java/org/apache/coyote/http11/AbstractHttp11Processor.java.
    - CVE-2013-4286
  * SECURITY UPDATE: denial of service via chunked transfer coding
    - debian/patches/CVE-2013-4322.patch: enforce maximum size in
      java/org/apache/coyote/http11/{AbstractHttp11Processor.java,
      AbstractHttp11Protocol.java, Http11AprProcessor.java,
      Http11AprProtocol.java, Http11NioProcessor.java,
      Http11NioProtocol.java, Http11Processor.java, Http11Protocol.java},
      java/org/apache/coyote/http11/filters/ChunkedInputFilter.java,
      test/org/apache/coyote/http11/filters/TestChunkedInputFilter.java,
      webapps/docs/config/http.xml.
    - CVE-2013-4322
  * SECURITY UPDATE: denial of service via malformed content-type header
    - debian/patches/CVE-2014-0050.patch: validate sizes in
      java/org/apache/tomcat/util/http/fileupload/FileUploadBase.java,
      java/org/apache/tomcat/util/http/fileupload/MultipartStream.java.
    - CVE-2014-0050
  * d/p/0018-update-test-certificates.patch: remove binary parts to
    support newer quilt.

ubuntu/trusty 2014-02-21 10:18:02 UTC 2014-02-21
Import patches-unapplied version 7.0.52-1 to debian/sid

Author: Gianfranco Costamagna
Author Date: 2014-02-19 13:09:48 UTC

Import patches-unapplied version 7.0.52-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 8208c8b6bde6242986d1ceb512c1abc2709d6315

New changelog entries:
  * Team upload.
  * New upstream release.
    - Addresses security issue: CVE-2014-0050

ubuntu/saucy 2013-07-31 10:23:40 UTC 2013-07-31
Import patches-unapplied version 7.0.42-1 to debian/sid

Author: Gianfranco Costamagna
Author Date: 2013-07-16 15:34:58 UTC

Import patches-unapplied version 7.0.42-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: fb00e5e465ce10f3f29f1f3889b629760a3f7c85

New changelog entries:
  [ Gianfranco Costamagna ]
  * Team upload.
  * New upstream release.
  * Added libhamcrest-java >= 1.3 as build-dep,
    tweaked debian/rules.
  * Bumped compat level to 9.
  * Removed some version checks, newer releases already in oldstable.
  * Refresh patches.
  * debian/control: changed Vcs-Git and Vcs-Browser fields,
    now they are canonical.
  * Fixed error message in Tomcat init script,
    patch by Thijs Kinkhorst (Closes: #714348)
  * New upstream release (Closes: #712978).
  * Refresh patches.
  * Added version check for libtcnative-1
    (Closes: #712638, lp: #1092548)

ubuntu/saucy-proposed 2013-07-31 10:23:40 UTC 2013-07-31
Import patches-unapplied version 7.0.42-1 to debian/sid

Author: Gianfranco Costamagna
Author Date: 2013-07-16 15:34:58 UTC

Import patches-unapplied version 7.0.42-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: fb00e5e465ce10f3f29f1f3889b629760a3f7c85

New changelog entries:
  [ Gianfranco Costamagna ]
  * Team upload.
  * New upstream release.
  * Added libhamcrest-java >= 1.3 as build-dep,
    tweaked debian/rules.
  * Bumped compat level to 9.
  * Removed some version checks, newer releases already in oldstable.
  * Refresh patches.
  * debian/control: changed Vcs-Git and Vcs-Browser fields,
    now they are canonical.
  * Fixed error message in Tomcat init script,
    patch by Thijs Kinkhorst (Closes: #714348)
  * New upstream release (Closes: #712978).
  * Refresh patches.
  * Added version check for libtcnative-1
    (Closes: #712638, lp: #1092548)

ubuntu/raring-updates 2013-05-28 17:03:26 UTC 2013-05-28
Import patches-unapplied version 7.0.35-1~exp2ubuntu1.1 to ubuntu/raring-secu...

Author: Marc Deslauriers
Author Date: 2013-05-21 14:07:15 UTC

Import patches-unapplied version 7.0.35-1~exp2ubuntu1.1 to ubuntu/raring-security

Imported using git-ubuntu import.

Changelog parent: 58eef8c2e35a56f6516724e2e055a0f29af9375d

New changelog entries:
  * SECURITY UPDATE: information leak via AsyncListeners and
    RuntimeExceptions (LP: #1178645)
    - debian/patches/CVE-2013-2071.patch: catch RuntimeExceptions in
      java/org/apache/catalina/core/AsyncContextImpl.java, added tests to
      test/org/apache/catalina/core/TestAsyncContextImpl.java.
    - CVE-2013-2071

ubuntu/raring-security 2013-05-28 17:03:26 UTC 2013-05-28
Import patches-unapplied version 7.0.35-1~exp2ubuntu1.1 to ubuntu/raring-secu...

Author: Marc Deslauriers
Author Date: 2013-05-21 14:07:15 UTC

Import patches-unapplied version 7.0.35-1~exp2ubuntu1.1 to ubuntu/raring-security

Imported using git-ubuntu import.

Changelog parent: 58eef8c2e35a56f6516724e2e055a0f29af9375d

New changelog entries:
  * SECURITY UPDATE: information leak via AsyncListeners and
    RuntimeExceptions (LP: #1178645)
    - debian/patches/CVE-2013-2071.patch: catch RuntimeExceptions in
      java/org/apache/catalina/core/AsyncContextImpl.java, added tests to
      test/org/apache/catalina/core/TestAsyncContextImpl.java.
    - CVE-2013-2071

ubuntu/raring-devel 2013-05-28 17:03:26 UTC 2013-05-28
Import patches-unapplied version 7.0.35-1~exp2ubuntu1.1 to ubuntu/raring-secu...

Author: Marc Deslauriers
Author Date: 2013-05-21 14:07:15 UTC

Import patches-unapplied version 7.0.35-1~exp2ubuntu1.1 to ubuntu/raring-security

Imported using git-ubuntu import.

Changelog parent: 58eef8c2e35a56f6516724e2e055a0f29af9375d

New changelog entries:
  * SECURITY UPDATE: information leak via AsyncListeners and
    RuntimeExceptions (LP: #1178645)
    - debian/patches/CVE-2013-2071.patch: catch RuntimeExceptions in
      java/org/apache/catalina/core/AsyncContextImpl.java, added tests to
      test/org/apache/catalina/core/TestAsyncContextImpl.java.
    - CVE-2013-2071

ubuntu/raring 2013-04-08 13:25:53 UTC 2013-04-08
Import patches-unapplied version 7.0.35-1~exp2ubuntu1 to ubuntu/raring-proposed

Author: James Page
Author Date: 2013-04-08 13:02:42 UTC

Import patches-unapplied version 7.0.35-1~exp2ubuntu1 to ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: 9d6236e36596267ad814163898b092335640ec28

New changelog entries:
  * Fix FTBFS due to expired test certificates (LP: #1166187):
    - d/keystores/*.jks: Newer keystores from upstream 7.0.39.
    - d/rules: Install newer keystores for testing, tidy up after use.
    - d/p/0018-update-test-certificates.patch: Cherry picked fixes from
      upstream VCS to update text based certificates.

ubuntu/raring-proposed 2013-04-08 13:25:53 UTC 2013-04-08
Import patches-unapplied version 7.0.35-1~exp2ubuntu1 to ubuntu/raring-proposed

Author: James Page
Author Date: 2013-04-08 13:02:42 UTC

Import patches-unapplied version 7.0.35-1~exp2ubuntu1 to ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: 9d6236e36596267ad814163898b092335640ec28

New changelog entries:
  * Fix FTBFS due to expired test certificates (LP: #1166187):
    - d/keystores/*.jks: Newer keystores from upstream 7.0.39.
    - d/rules: Install newer keystores for testing, tidy up after use.
    - d/p/0018-update-test-certificates.patch: Cherry picked fixes from
      upstream VCS to update text based certificates.

applied/ubuntu/precise-security 2013-04-01 21:03:10 UTC 2013-04-01
Import patches-applied version 7.0.26-1ubuntu1.2 to applied/ubuntu/precise-se...

Author: Christian Kuersteiner
Author Date: 2013-03-19 13:48:19 UTC

Import patches-applied version 7.0.26-1ubuntu1.2 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: a28339679ae343a048484fe48d3d9fce475dcc5f
Unapplied parent: dc7291a6ddc4e2fce7afbacd6ec3e6b5e8a3385c

New changelog entries:
  [Christian Kuersteiner]
  * SECURITY UPDATE: Fix multiple vulnerabilities in Tomcat7
    (LP: #1115053)
    - debian/patches/0013-CVE-2012-2733.patch: Fix for Apache Tomcat Denial of
      Service. Based on upstream patch.
    - CVE-2012-2733
    - debian/patches/0014-CVE-2012-3546.patch: Fix for bypass of security
      constraints. Based on upstream patch.
    - CVE-2012-3546
    - debian/patches/0015-CVE-2012-4431.patch: Fix for bypass of CSRF prevention
      filter. Based on upstream patch.
    - CVE-2012-4431
    - debian/patches/0016-CVE-2012-4534.patch: Fix for CVE-2012-4534 Denial of
      Service Vulnerability. Based on upstream patch.
    - CVE-2012-4534
    - debian/patches/CVE-2012-3439.patch: Fix for DIGEST authentication
      weaknesses. Based on upstream patch.
    - CVE-2012-3439, CVE-2012-5885, CVE-2012-5886, 2012-5887
  [ Jamie Strandboge ]
  * allow for easily running the testsuite:
    - debian/control: add testsuite build-depends
    - debian/rules:
      + add 'testsuite' target
      + add ANT_TS_ARGS for use in the testsuite target
      + cleanup the testsuite
    - add debian/README.source for information on how to use the testsuite

applied/ubuntu/precise-devel 2013-04-01 21:03:10 UTC 2013-04-01
Import patches-applied version 7.0.26-1ubuntu1.2 to applied/ubuntu/precise-se...

Author: Christian Kuersteiner
Author Date: 2013-03-19 13:48:19 UTC

Import patches-applied version 7.0.26-1ubuntu1.2 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: a28339679ae343a048484fe48d3d9fce475dcc5f
Unapplied parent: dc7291a6ddc4e2fce7afbacd6ec3e6b5e8a3385c

New changelog entries:
  [Christian Kuersteiner]
  * SECURITY UPDATE: Fix multiple vulnerabilities in Tomcat7
    (LP: #1115053)
    - debian/patches/0013-CVE-2012-2733.patch: Fix for Apache Tomcat Denial of
      Service. Based on upstream patch.
    - CVE-2012-2733
    - debian/patches/0014-CVE-2012-3546.patch: Fix for bypass of security
      constraints. Based on upstream patch.
    - CVE-2012-3546
    - debian/patches/0015-CVE-2012-4431.patch: Fix for bypass of CSRF prevention
      filter. Based on upstream patch.
    - CVE-2012-4431
    - debian/patches/0016-CVE-2012-4534.patch: Fix for CVE-2012-4534 Denial of
      Service Vulnerability. Based on upstream patch.
    - CVE-2012-4534
    - debian/patches/CVE-2012-3439.patch: Fix for DIGEST authentication
      weaknesses. Based on upstream patch.
    - CVE-2012-3439, CVE-2012-5885, CVE-2012-5886, 2012-5887
  [ Jamie Strandboge ]
  * allow for easily running the testsuite:
    - debian/control: add testsuite build-depends
    - debian/rules:
      + add 'testsuite' target
      + add ANT_TS_ARGS for use in the testsuite target
      + cleanup the testsuite
    - add debian/README.source for information on how to use the testsuite

ubuntu/precise-updates 2013-04-01 21:03:10 UTC 2013-04-01
Import patches-unapplied version 7.0.26-1ubuntu1.2 to ubuntu/precise-security

Author: Christian Kuersteiner
Author Date: 2013-03-19 13:48:19 UTC

Import patches-unapplied version 7.0.26-1ubuntu1.2 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 5a8d88be4284c5c2ed5016fe826e562f1e0aa79c

New changelog entries:
  [Christian Kuersteiner]
  * SECURITY UPDATE: Fix multiple vulnerabilities in Tomcat7
    (LP: #1115053)
    - debian/patches/0013-CVE-2012-2733.patch: Fix for Apache Tomcat Denial of
      Service. Based on upstream patch.
    - CVE-2012-2733
    - debian/patches/0014-CVE-2012-3546.patch: Fix for bypass of security
      constraints. Based on upstream patch.
    - CVE-2012-3546
    - debian/patches/0015-CVE-2012-4431.patch: Fix for bypass of CSRF prevention
      filter. Based on upstream patch.
    - CVE-2012-4431
    - debian/patches/0016-CVE-2012-4534.patch: Fix for CVE-2012-4534 Denial of
      Service Vulnerability. Based on upstream patch.
    - CVE-2012-4534
    - debian/patches/CVE-2012-3439.patch: Fix for DIGEST authentication
      weaknesses. Based on upstream patch.
    - CVE-2012-3439, CVE-2012-5885, CVE-2012-5886, 2012-5887
  [ Jamie Strandboge ]
  * allow for easily running the testsuite:
    - debian/control: add testsuite build-depends
    - debian/rules:
      + add 'testsuite' target
      + add ANT_TS_ARGS for use in the testsuite target
      + cleanup the testsuite
    - add debian/README.source for information on how to use the testsuite

ubuntu/precise-security 2013-04-01 21:03:10 UTC 2013-04-01
Import patches-unapplied version 7.0.26-1ubuntu1.2 to ubuntu/precise-security

Author: Christian Kuersteiner
Author Date: 2013-03-19 13:48:19 UTC

Import patches-unapplied version 7.0.26-1ubuntu1.2 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 5a8d88be4284c5c2ed5016fe826e562f1e0aa79c

New changelog entries:
  [Christian Kuersteiner]
  * SECURITY UPDATE: Fix multiple vulnerabilities in Tomcat7
    (LP: #1115053)
    - debian/patches/0013-CVE-2012-2733.patch: Fix for Apache Tomcat Denial of
      Service. Based on upstream patch.
    - CVE-2012-2733
    - debian/patches/0014-CVE-2012-3546.patch: Fix for bypass of security
      constraints. Based on upstream patch.
    - CVE-2012-3546
    - debian/patches/0015-CVE-2012-4431.patch: Fix for bypass of CSRF prevention
      filter. Based on upstream patch.
    - CVE-2012-4431
    - debian/patches/0016-CVE-2012-4534.patch: Fix for CVE-2012-4534 Denial of
      Service Vulnerability. Based on upstream patch.
    - CVE-2012-4534
    - debian/patches/CVE-2012-3439.patch: Fix for DIGEST authentication
      weaknesses. Based on upstream patch.
    - CVE-2012-3439, CVE-2012-5885, CVE-2012-5886, 2012-5887
  [ Jamie Strandboge ]
  * allow for easily running the testsuite:
    - debian/control: add testsuite build-depends
    - debian/rules:
      + add 'testsuite' target
      + add ANT_TS_ARGS for use in the testsuite target
      + cleanup the testsuite
    - add debian/README.source for information on how to use the testsuite

ubuntu/precise-devel 2013-04-01 21:03:10 UTC 2013-04-01
Import patches-unapplied version 7.0.26-1ubuntu1.2 to ubuntu/precise-security

Author: Christian Kuersteiner
Author Date: 2013-03-19 13:48:19 UTC

Import patches-unapplied version 7.0.26-1ubuntu1.2 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 5a8d88be4284c5c2ed5016fe826e562f1e0aa79c

New changelog entries:
  [Christian Kuersteiner]
  * SECURITY UPDATE: Fix multiple vulnerabilities in Tomcat7
    (LP: #1115053)
    - debian/patches/0013-CVE-2012-2733.patch: Fix for Apache Tomcat Denial of
      Service. Based on upstream patch.
    - CVE-2012-2733
    - debian/patches/0014-CVE-2012-3546.patch: Fix for bypass of security
      constraints. Based on upstream patch.
    - CVE-2012-3546
    - debian/patches/0015-CVE-2012-4431.patch: Fix for bypass of CSRF prevention
      filter. Based on upstream patch.
    - CVE-2012-4431
    - debian/patches/0016-CVE-2012-4534.patch: Fix for CVE-2012-4534 Denial of
      Service Vulnerability. Based on upstream patch.
    - CVE-2012-4534
    - debian/patches/CVE-2012-3439.patch: Fix for DIGEST authentication
      weaknesses. Based on upstream patch.
    - CVE-2012-3439, CVE-2012-5885, CVE-2012-5886, 2012-5887
  [ Jamie Strandboge ]
  * allow for easily running the testsuite:
    - debian/control: add testsuite build-depends
    - debian/rules:
      + add 'testsuite' target
      + add ANT_TS_ARGS for use in the testsuite target
      + cleanup the testsuite
    - add debian/README.source for information on how to use the testsuite

applied/ubuntu/precise-updates 2013-04-01 21:03:10 UTC 2013-04-01
Import patches-applied version 7.0.26-1ubuntu1.2 to applied/ubuntu/precise-se...

Author: Christian Kuersteiner
Author Date: 2013-03-19 13:48:19 UTC

Import patches-applied version 7.0.26-1ubuntu1.2 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: a28339679ae343a048484fe48d3d9fce475dcc5f
Unapplied parent: dc7291a6ddc4e2fce7afbacd6ec3e6b5e8a3385c

New changelog entries:
  [Christian Kuersteiner]
  * SECURITY UPDATE: Fix multiple vulnerabilities in Tomcat7
    (LP: #1115053)
    - debian/patches/0013-CVE-2012-2733.patch: Fix for Apache Tomcat Denial of
      Service. Based on upstream patch.
    - CVE-2012-2733
    - debian/patches/0014-CVE-2012-3546.patch: Fix for bypass of security
      constraints. Based on upstream patch.
    - CVE-2012-3546
    - debian/patches/0015-CVE-2012-4431.patch: Fix for bypass of CSRF prevention
      filter. Based on upstream patch.
    - CVE-2012-4431
    - debian/patches/0016-CVE-2012-4534.patch: Fix for CVE-2012-4534 Denial of
      Service Vulnerability. Based on upstream patch.
    - CVE-2012-4534
    - debian/patches/CVE-2012-3439.patch: Fix for DIGEST authentication
      weaknesses. Based on upstream patch.
    - CVE-2012-3439, CVE-2012-5885, CVE-2012-5886, 2012-5887
  [ Jamie Strandboge ]
  * allow for easily running the testsuite:
    - debian/control: add testsuite build-depends
    - debian/rules:
      + add 'testsuite' target
      + add ANT_TS_ARGS for use in the testsuite target
      + cleanup the testsuite
    - add debian/README.source for information on how to use the testsuite

ubuntu/oneiric-updates 2013-03-16 07:33:12 UTC 2013-03-16
Import patches-unapplied version 7.0.21-1ubuntu0.1 to ubuntu/oneiric-security

Author: Christian Kuersteiner
Author Date: 2013-03-15 22:40:27 UTC

Import patches-unapplied version 7.0.21-1ubuntu0.1 to ubuntu/oneiric-security

Imported using git-ubuntu import.

Changelog parent: 843adadcdacfb75167c7d22617a114b6a9c5c021

New changelog entries:
  [Christian Kuersteiner]
  * SECURITY UPDATE: Fix multiple vulnerabilities in Tomcat7
    (LP: #1115053)
    - debian/patches/CVE-2012-0022.patch: Fix for Denial of service. Based on
      upstream patch.
    - CVE-2012-0022, CVE-2011-4858
    - debian/patches/CVE-2011-3375.patch: Fix for information disclosure. Based
      on upstream patch.
    - CVE-2011-3375
    - debian/patches/CVE-2011-3376.patch: Fix for privilege escalation. Based on
      upstream patch.
    - CVE-2011-3376
    - debian/patches/CVE-2012-2733.patch: Fix for Apache Tomcat Denial of
      Service. Based on upstream patch.
    - CVE-2012-2733
    - debian/patches/CVE-2012-3546.patch: Fix for bypass of security
      constraints. Based on upstream patch.
    - CVE-2012-3546
    - debian/patches/CVE-2012-4431.patch: Fix for bypass of CSRF prevention
      filter. Based on upstream patch.
    - CVE-2012-4431
    - debian/patches/CVE-2012-4534.patch: Fix for CVE-2012-4534 Denial of
      Service Vulnerability. Based on upstream patch.
    - CVE-2012-4534
    - debian/patches/CVE-2012-3439.patch: Fix for DIGEST authentication
      weaknesses. Based on upstream patch.
    - CVE-2012-3439, CVE-2012-5885, CVE-2012-5886, 2012-5887
  [ Jamie Strandboge ]
  * allow for easily running the testsuite:
    - debian/control: add testsuite build-depends
    - debian/rules:
      + add 'testsuite' target
      + add ANT_TS_ARGS for use in the testsuite target
      + cleanup the testsuite
    - add debian/README.source for information on how to use the testsuite

ubuntu/oneiric-devel 2013-03-16 07:33:12 UTC 2013-03-16
Import patches-unapplied version 7.0.21-1ubuntu0.1 to ubuntu/oneiric-security

Author: Christian Kuersteiner
Author Date: 2013-03-15 22:40:27 UTC

Import patches-unapplied version 7.0.21-1ubuntu0.1 to ubuntu/oneiric-security

Imported using git-ubuntu import.

Changelog parent: 843adadcdacfb75167c7d22617a114b6a9c5c021

New changelog entries:
  [Christian Kuersteiner]
  * SECURITY UPDATE: Fix multiple vulnerabilities in Tomcat7
    (LP: #1115053)
    - debian/patches/CVE-2012-0022.patch: Fix for Denial of service. Based on
      upstream patch.
    - CVE-2012-0022, CVE-2011-4858
    - debian/patches/CVE-2011-3375.patch: Fix for information disclosure. Based
      on upstream patch.
    - CVE-2011-3375
    - debian/patches/CVE-2011-3376.patch: Fix for privilege escalation. Based on
      upstream patch.
    - CVE-2011-3376
    - debian/patches/CVE-2012-2733.patch: Fix for Apache Tomcat Denial of
      Service. Based on upstream patch.
    - CVE-2012-2733
    - debian/patches/CVE-2012-3546.patch: Fix for bypass of security
      constraints. Based on upstream patch.
    - CVE-2012-3546
    - debian/patches/CVE-2012-4431.patch: Fix for bypass of CSRF prevention
      filter. Based on upstream patch.
    - CVE-2012-4431
    - debian/patches/CVE-2012-4534.patch: Fix for CVE-2012-4534 Denial of
      Service Vulnerability. Based on upstream patch.
    - CVE-2012-4534
    - debian/patches/CVE-2012-3439.patch: Fix for DIGEST authentication
      weaknesses. Based on upstream patch.
    - CVE-2012-3439, CVE-2012-5885, CVE-2012-5886, 2012-5887
  [ Jamie Strandboge ]
  * allow for easily running the testsuite:
    - debian/control: add testsuite build-depends
    - debian/rules:
      + add 'testsuite' target
      + add ANT_TS_ARGS for use in the testsuite target
      + cleanup the testsuite
    - add debian/README.source for information on how to use the testsuite

applied/ubuntu/oneiric-devel 2013-03-16 07:33:12 UTC 2013-03-16
Import patches-applied version 7.0.21-1ubuntu0.1 to applied/ubuntu/oneiric-se...

Author: Christian Kuersteiner
Author Date: 2013-03-15 22:40:27 UTC

Import patches-applied version 7.0.21-1ubuntu0.1 to applied/ubuntu/oneiric-security

Imported using git-ubuntu import.

Changelog parent: 6670c632db3f47f7436c6d038fa70384effc3348
Unapplied parent: e631b6313fc6754cf97260c21eabafb492bfc875

New changelog entries:
  [Christian Kuersteiner]
  * SECURITY UPDATE: Fix multiple vulnerabilities in Tomcat7
    (LP: #1115053)
    - debian/patches/CVE-2012-0022.patch: Fix for Denial of service. Based on
      upstream patch.
    - CVE-2012-0022, CVE-2011-4858
    - debian/patches/CVE-2011-3375.patch: Fix for information disclosure. Based
      on upstream patch.
    - CVE-2011-3375
    - debian/patches/CVE-2011-3376.patch: Fix for privilege escalation. Based on
      upstream patch.
    - CVE-2011-3376
    - debian/patches/CVE-2012-2733.patch: Fix for Apache Tomcat Denial of
      Service. Based on upstream patch.
    - CVE-2012-2733
    - debian/patches/CVE-2012-3546.patch: Fix for bypass of security
      constraints. Based on upstream patch.
    - CVE-2012-3546
    - debian/patches/CVE-2012-4431.patch: Fix for bypass of CSRF prevention
      filter. Based on upstream patch.
    - CVE-2012-4431
    - debian/patches/CVE-2012-4534.patch: Fix for CVE-2012-4534 Denial of
      Service Vulnerability. Based on upstream patch.
    - CVE-2012-4534
    - debian/patches/CVE-2012-3439.patch: Fix for DIGEST authentication
      weaknesses. Based on upstream patch.
    - CVE-2012-3439, CVE-2012-5885, CVE-2012-5886, 2012-5887
  [ Jamie Strandboge ]
  * allow for easily running the testsuite:
    - debian/control: add testsuite build-depends
    - debian/rules:
      + add 'testsuite' target
      + add ANT_TS_ARGS for use in the testsuite target
      + cleanup the testsuite
    - add debian/README.source for information on how to use the testsuite

applied/ubuntu/oneiric-security 2013-03-16 07:33:12 UTC 2013-03-16
Import patches-applied version 7.0.21-1ubuntu0.1 to applied/ubuntu/oneiric-se...

Author: Christian Kuersteiner
Author Date: 2013-03-15 22:40:27 UTC

Import patches-applied version 7.0.21-1ubuntu0.1 to applied/ubuntu/oneiric-security

Imported using git-ubuntu import.

Changelog parent: 6670c632db3f47f7436c6d038fa70384effc3348
Unapplied parent: e631b6313fc6754cf97260c21eabafb492bfc875

New changelog entries:
  [Christian Kuersteiner]
  * SECURITY UPDATE: Fix multiple vulnerabilities in Tomcat7
    (LP: #1115053)
    - debian/patches/CVE-2012-0022.patch: Fix for Denial of service. Based on
      upstream patch.
    - CVE-2012-0022, CVE-2011-4858
    - debian/patches/CVE-2011-3375.patch: Fix for information disclosure. Based
      on upstream patch.
    - CVE-2011-3375
    - debian/patches/CVE-2011-3376.patch: Fix for privilege escalation. Based on
      upstream patch.
    - CVE-2011-3376
    - debian/patches/CVE-2012-2733.patch: Fix for Apache Tomcat Denial of
      Service. Based on upstream patch.
    - CVE-2012-2733
    - debian/patches/CVE-2012-3546.patch: Fix for bypass of security
      constraints. Based on upstream patch.
    - CVE-2012-3546
    - debian/patches/CVE-2012-4431.patch: Fix for bypass of CSRF prevention
      filter. Based on upstream patch.
    - CVE-2012-4431
    - debian/patches/CVE-2012-4534.patch: Fix for CVE-2012-4534 Denial of
      Service Vulnerability. Based on upstream patch.
    - CVE-2012-4534
    - debian/patches/CVE-2012-3439.patch: Fix for DIGEST authentication
      weaknesses. Based on upstream patch.
    - CVE-2012-3439, CVE-2012-5885, CVE-2012-5886, 2012-5887
  [ Jamie Strandboge ]
  * allow for easily running the testsuite:
    - debian/control: add testsuite build-depends
    - debian/rules:
      + add 'testsuite' target
      + add ANT_TS_ARGS for use in the testsuite target
      + cleanup the testsuite
    - add debian/README.source for information on how to use the testsuite

applied/ubuntu/oneiric-updates 2013-03-16 07:33:12 UTC 2013-03-16
Import patches-applied version 7.0.21-1ubuntu0.1 to applied/ubuntu/oneiric-se...

Author: Christian Kuersteiner
Author Date: 2013-03-15 22:40:27 UTC

Import patches-applied version 7.0.21-1ubuntu0.1 to applied/ubuntu/oneiric-security

Imported using git-ubuntu import.

Changelog parent: 6670c632db3f47f7436c6d038fa70384effc3348
Unapplied parent: e631b6313fc6754cf97260c21eabafb492bfc875

New changelog entries:
  [Christian Kuersteiner]
  * SECURITY UPDATE: Fix multiple vulnerabilities in Tomcat7
    (LP: #1115053)
    - debian/patches/CVE-2012-0022.patch: Fix for Denial of service. Based on
      upstream patch.
    - CVE-2012-0022, CVE-2011-4858
    - debian/patches/CVE-2011-3375.patch: Fix for information disclosure. Based
      on upstream patch.
    - CVE-2011-3375
    - debian/patches/CVE-2011-3376.patch: Fix for privilege escalation. Based on
      upstream patch.
    - CVE-2011-3376
    - debian/patches/CVE-2012-2733.patch: Fix for Apache Tomcat Denial of
      Service. Based on upstream patch.
    - CVE-2012-2733
    - debian/patches/CVE-2012-3546.patch: Fix for bypass of security
      constraints. Based on upstream patch.
    - CVE-2012-3546
    - debian/patches/CVE-2012-4431.patch: Fix for bypass of CSRF prevention
      filter. Based on upstream patch.
    - CVE-2012-4431
    - debian/patches/CVE-2012-4534.patch: Fix for CVE-2012-4534 Denial of
      Service Vulnerability. Based on upstream patch.
    - CVE-2012-4534
    - debian/patches/CVE-2012-3439.patch: Fix for DIGEST authentication
      weaknesses. Based on upstream patch.
    - CVE-2012-3439, CVE-2012-5885, CVE-2012-5886, 2012-5887
  [ Jamie Strandboge ]
  * allow for easily running the testsuite:
    - debian/control: add testsuite build-depends
    - debian/rules:
      + add 'testsuite' target
      + add ANT_TS_ARGS for use in the testsuite target
      + cleanup the testsuite
    - add debian/README.source for information on how to use the testsuite

ubuntu/oneiric-security 2013-03-16 07:33:12 UTC 2013-03-16
Import patches-unapplied version 7.0.21-1ubuntu0.1 to ubuntu/oneiric-security

Author: Christian Kuersteiner
Author Date: 2013-03-15 22:40:27 UTC

Import patches-unapplied version 7.0.21-1ubuntu0.1 to ubuntu/oneiric-security

Imported using git-ubuntu import.

Changelog parent: 843adadcdacfb75167c7d22617a114b6a9c5c021

New changelog entries:
  [Christian Kuersteiner]
  * SECURITY UPDATE: Fix multiple vulnerabilities in Tomcat7
    (LP: #1115053)
    - debian/patches/CVE-2012-0022.patch: Fix for Denial of service. Based on
      upstream patch.
    - CVE-2012-0022, CVE-2011-4858
    - debian/patches/CVE-2011-3375.patch: Fix for information disclosure. Based
      on upstream patch.
    - CVE-2011-3375
    - debian/patches/CVE-2011-3376.patch: Fix for privilege escalation. Based on
      upstream patch.
    - CVE-2011-3376
    - debian/patches/CVE-2012-2733.patch: Fix for Apache Tomcat Denial of
      Service. Based on upstream patch.
    - CVE-2012-2733
    - debian/patches/CVE-2012-3546.patch: Fix for bypass of security
      constraints. Based on upstream patch.
    - CVE-2012-3546
    - debian/patches/CVE-2012-4431.patch: Fix for bypass of CSRF prevention
      filter. Based on upstream patch.
    - CVE-2012-4431
    - debian/patches/CVE-2012-4534.patch: Fix for CVE-2012-4534 Denial of
      Service Vulnerability. Based on upstream patch.
    - CVE-2012-4534
    - debian/patches/CVE-2012-3439.patch: Fix for DIGEST authentication
      weaknesses. Based on upstream patch.
    - CVE-2012-3439, CVE-2012-5885, CVE-2012-5886, 2012-5887
  [ Jamie Strandboge ]
  * allow for easily running the testsuite:
    - debian/control: add testsuite build-depends
    - debian/rules:
      + add 'testsuite' target
      + add ANT_TS_ARGS for use in the testsuite target
      + cleanup the testsuite
    - add debian/README.source for information on how to use the testsuite

applied/ubuntu/devel 2013-02-25 16:24:43 UTC 2013-02-25
Import patches-applied version 7.0.35-1~exp2 to applied/debian/experimental

Author: James Page
Author Date: 2013-02-24 22:08:22 UTC

Import patches-applied version 7.0.35-1~exp2 to applied/debian/experimental

Imported using git-ubuntu import.

Changelog parent: 007e101cbd6a3307ec332b9466c43b27e86e56fb
Unapplied parent: 09913e9750f676ebe76f9fd028267f530a82f8a9

New changelog entries:
  * Switch from Commons DBCP to Tomcat JDBC Pool as default connection
    pool implementation (Closes: #701023).

applied/ubuntu/raring-proposed 2013-02-25 16:24:43 UTC 2013-02-25
Import patches-applied version 7.0.35-1~exp2 to applied/debian/experimental

Author: James Page
Author Date: 2013-02-24 22:08:22 UTC

Import patches-applied version 7.0.35-1~exp2 to applied/debian/experimental

Imported using git-ubuntu import.

Changelog parent: 007e101cbd6a3307ec332b9466c43b27e86e56fb
Unapplied parent: 09913e9750f676ebe76f9fd028267f530a82f8a9

New changelog entries:
  * Switch from Commons DBCP to Tomcat JDBC Pool as default connection
    pool implementation (Closes: #701023).

applied/ubuntu/raring-devel 2013-02-25 16:24:43 UTC 2013-02-25
Import patches-applied version 7.0.35-1~exp2 to applied/debian/experimental

Author: James Page
Author Date: 2013-02-24 22:08:22 UTC

Import patches-applied version 7.0.35-1~exp2 to applied/debian/experimental

Imported using git-ubuntu import.

Changelog parent: 007e101cbd6a3307ec332b9466c43b27e86e56fb
Unapplied parent: 09913e9750f676ebe76f9fd028267f530a82f8a9

New changelog entries:
  * Switch from Commons DBCP to Tomcat JDBC Pool as default connection
    pool implementation (Closes: #701023).

applied/ubuntu/raring 2013-02-25 16:24:43 UTC 2013-02-25
Import patches-applied version 7.0.35-1~exp2 to applied/debian/experimental

Author: James Page
Author Date: 2013-02-24 22:08:22 UTC

Import patches-applied version 7.0.35-1~exp2 to applied/debian/experimental

Imported using git-ubuntu import.

Changelog parent: 007e101cbd6a3307ec332b9466c43b27e86e56fb
Unapplied parent: 09913e9750f676ebe76f9fd028267f530a82f8a9

New changelog entries:
  * Switch from Commons DBCP to Tomcat JDBC Pool as default connection
    pool implementation (Closes: #701023).

applied/ubuntu/quantal-devel 2013-01-14 14:03:12 UTC 2013-01-14
Import patches-applied version 7.0.30-0ubuntu1.1 to applied/ubuntu/quantal-se...

Author: Marc Deslauriers
Author Date: 2013-01-10 14:35:41 UTC

Import patches-applied version 7.0.30-0ubuntu1.1 to applied/ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: 559324984ff0b634df97ad67a23723871f328c06
Unapplied parent: 361190a432edb427fbd40b4d322aca9a040f2e15

New changelog entries:
  * SECURITY UPDATE: CSRF bypass via request with no session identifier
    - debian/patches/CVE-2012-4431.patch: check for session identifier in
      java/org/apache/catalina/filters/CsrfPreventionFilter.java.
    - CVE-2012-4431

applied/ubuntu/quantal-updates 2013-01-14 14:03:12 UTC 2013-01-14
Import patches-applied version 7.0.30-0ubuntu1.1 to applied/ubuntu/quantal-se...

Author: Marc Deslauriers
Author Date: 2013-01-10 14:35:41 UTC

Import patches-applied version 7.0.30-0ubuntu1.1 to applied/ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: 559324984ff0b634df97ad67a23723871f328c06
Unapplied parent: 361190a432edb427fbd40b4d322aca9a040f2e15

New changelog entries:
  * SECURITY UPDATE: CSRF bypass via request with no session identifier
    - debian/patches/CVE-2012-4431.patch: check for session identifier in
      java/org/apache/catalina/filters/CsrfPreventionFilter.java.
    - CVE-2012-4431

applied/ubuntu/quantal-security 2013-01-14 14:03:12 UTC 2013-01-14
Import patches-applied version 7.0.30-0ubuntu1.1 to applied/ubuntu/quantal-se...

Author: Marc Deslauriers
Author Date: 2013-01-10 14:35:41 UTC

Import patches-applied version 7.0.30-0ubuntu1.1 to applied/ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: 559324984ff0b634df97ad67a23723871f328c06
Unapplied parent: 361190a432edb427fbd40b4d322aca9a040f2e15

New changelog entries:
  * SECURITY UPDATE: CSRF bypass via request with no session identifier
    - debian/patches/CVE-2012-4431.patch: check for session identifier in
      java/org/apache/catalina/filters/CsrfPreventionFilter.java.
    - CVE-2012-4431

applied/ubuntu/quantal 2012-09-17 10:03:17 UTC 2012-09-17
Import patches-applied version 7.0.30-0ubuntu1 to applied/ubuntu/quantal

Author: James Page
Author Date: 2012-09-17 09:52:06 UTC

Import patches-applied version 7.0.30-0ubuntu1 to applied/ubuntu/quantal

Imported using git-ubuntu import.

Changelog parent: 339dbedd70eb0b810dfe30091f2bbf8b444c5bc8
Unapplied parent: ec247671cd77d95b50925503feabdd848ae93226

New changelog entries:
  * New upstream point release including several fixes for Java 7
    specific issues.
  * Refreshed patches.

ubuntu/quantal 2012-09-17 10:03:17 UTC 2012-09-17
Import patches-unapplied version 7.0.30-0ubuntu1 to ubuntu/quantal

Author: James Page
Author Date: 2012-09-17 09:52:06 UTC

Import patches-unapplied version 7.0.30-0ubuntu1 to ubuntu/quantal

Imported using git-ubuntu import.

Changelog parent: a659082395f747fd4352b6e7ec5895f801ab27f7

New changelog entries:
  * New upstream point release including several fixes for Java 7
    specific issues.
  * Refreshed patches.

applied/ubuntu/precise-proposed 2012-07-19 15:32:08 UTC 2012-07-19
Import patches-applied version 7.0.26-1ubuntu1.1 to applied/ubuntu/precise-pr...

Author: James Page
Author Date: 2012-07-12 20:52:17 UTC

Import patches-applied version 7.0.26-1ubuntu1.1 to applied/ubuntu/precise-proposed

Imported using git-ubuntu import.

Changelog parent: befaf29be2c5ece9312408f318595e981b333b95
Unapplied parent: 8d269d23c646a9ec26b0819b3bec929cafb76520

New changelog entries:
  * Fix handling of JNDI lookups using javax.naming.Name (LP: #1012794):
    - d/patches/0012-lp-1012794-fix-jndi-lookup.patch: Cherry picked patch
      from upstream VCS which ensures that JNDI lookups that use Name
      rather than String don't fail.

ubuntu/precise-proposed 2012-07-19 15:32:08 UTC 2012-07-19
Import patches-unapplied version 7.0.26-1ubuntu1.1 to ubuntu/precise-proposed

Author: James Page
Author Date: 2012-07-12 20:52:17 UTC

Import patches-unapplied version 7.0.26-1ubuntu1.1 to ubuntu/precise-proposed

Imported using git-ubuntu import.

Changelog parent: bb5e7bf7eb90b985ae45b3943a7f04ff24f417c5

New changelog entries:
  * Fix handling of JNDI lookups using javax.naming.Name (LP: #1012794):
    - d/patches/0012-lp-1012794-fix-jndi-lookup.patch: Cherry picked patch
      from upstream VCS which ensures that JNDI lookups that use Name
      rather than String don't fail.

applied/ubuntu/precise 2012-04-11 11:03:52 UTC 2012-04-11
Import patches-applied version 7.0.26-1ubuntu1 to applied/ubuntu/precise

Author: James Page
Author Date: 2012-04-11 09:49:51 UTC

Import patches-applied version 7.0.26-1ubuntu1 to applied/ubuntu/precise

Imported using git-ubuntu import.

Changelog parent: 7537b6561dd543734cf45763b7c9096290639606
Unapplied parent: e61b4a7899585229b53b7eee311cab53173bc502

New changelog entries:
  * Handle creation of user instances with pathnames containing spaces
    (LP: #977498):
    - d/tomcat7-instance-create: Quote access to files and directories
      so that spaces can be used when creating user instances.

ubuntu/precise 2012-04-11 11:03:52 UTC 2012-04-11
Import patches-unapplied version 7.0.26-1ubuntu1 to ubuntu/precise

Author: James Page
Author Date: 2012-04-11 09:49:51 UTC

Import patches-unapplied version 7.0.26-1ubuntu1 to ubuntu/precise

Imported using git-ubuntu import.

Changelog parent: 59195040df16ffb42d3f3b7ce04d55d6a91fc527

New changelog entries:
  * Handle creation of user instances with pathnames containing spaces
    (LP: #977498):
    - d/tomcat7-instance-create: Quote access to files and directories
      so that spaces can be used when creating user instances.

ubuntu/oneiric 2011-09-07 08:45:29 UTC 2011-09-07
Import patches-unapplied version 7.0.21-1 to debian/sid

Author: James Page
Author Date: 2011-09-07 08:45:29 UTC

Import patches-unapplied version 7.0.21-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 5f1681553fb0df909c6abcdf5fcd28c5d4e73353

New changelog entries:
  * New upstream release.
    - Includes fix for CVE-2011-3190.
  * Updated my email address.

applied/ubuntu/oneiric 2011-09-07 08:45:29 UTC 2011-09-07
Import patches-applied version 7.0.21-1 to applied/debian/sid

Author: James Page
Author Date: 2011-09-07 08:45:29 UTC

Import patches-applied version 7.0.21-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: ca58fd1f93b3ff6fd56bb00b237beac2c2c61dd1
Unapplied parent: 1fc4c332bb6c95b86ef1c11c505c30eadff193ac

New changelog entries:
  * New upstream release.
    - Includes fix for CVE-2011-3190.
  * Updated my email address.

197 of 97 results

Other repositories

Name Last Modified
lp:ubuntu/+source/tomcat7 2018-10-31
lp:~powersj/ubuntu/+source/tomcat7 2017-03-28
12 of 2 results
You can't create new repositories for tomcat7 in Ubuntu.