Name Status Last Modified Last Commit
lp:ubuntu/wily/tomcat7 1 Development 2015-08-28 09:47:33 UTC
38. * Team upload. * New upstream release...

Author: Emmanuel Bourg
Revision Date: 2015-08-28 09:47:33 UTC

* Team upload.
* New upstream release
  - Refreshed the patches
* Install the missing WebSocket jars in /usr/share/tomcat7/lib/
  (Closes: #787220, LP: #1326687)
* Changed the authbind configuration to allow IPv6 connections (LP: #1443041)
* Fixed an upgrade error when /etc/tomcat7/tomcat-users.xml is removed
  (LP: #1010791)
* Fixed a minor HTML error in the default index.html file (LP: #1236132)

lp:ubuntu/wily-proposed/tomcat7 1 Development 2015-08-28 09:47:33 UTC
38. * Team upload. * New upstream release...

Author: Emmanuel Bourg
Revision Date: 2015-08-28 09:47:33 UTC

* Team upload.
* New upstream release
  - Refreshed the patches
* Install the missing WebSocket jars in /usr/share/tomcat7/lib/
  (Closes: #787220, LP: #1326687)
* Changed the authbind configuration to allow IPv6 connections (LP: #1443041)
* Fixed an upgrade error when /etc/tomcat7/tomcat-users.xml is removed
  (LP: #1010791)
* Fixed a minor HTML error in the default index.html file (LP: #1236132)

lp:ubuntu/utopic-updates/tomcat7 2 Mature 2015-06-25 13:21:02 UTC
32. * SECURITY UPDATE: SecurityManager by...

Author: Marc Deslauriers
Revision Date: 2015-06-19 09:52:59 UTC

* SECURITY UPDATE: SecurityManager bypass via Expression Language
  - debian/patches/CVE-2014-7810.patch: handle classes that may not be
    accessible but have accessible interfaces in
    java/javax/el/BeanELResolver.java, remove unnecessary code in
    java/org/apache/jasper/runtime/PageContextImpl.java,
    java/org/apache/jasper/security/SecurityClassLoad.java.
  - CVE-2014-7810
* Replace expired ssl certs and use TLS to fix tests causing FTBFS:
  - debian/patches/0022-use-tls-in-ssl-unit-tests.patch
  - debian/patches/0023-replace-expired-ssl-certificates.patch
  - debian/source/include-binaries

lp:ubuntu/vivid-updates/tomcat7 2 Mature 2015-06-25 13:20:53 UTC
34. * SECURITY UPDATE: SecurityManager by...

Author: Marc Deslauriers
Revision Date: 2015-06-19 09:47:50 UTC

* SECURITY UPDATE: SecurityManager bypass via Expression Language
  - debian/patches/CVE-2014-7810.patch: handle classes that may not be
    accessible but have accessible interfaces in
    java/javax/el/BeanELResolver.java, remove unnecessary code in
    java/org/apache/jasper/runtime/PageContextImpl.java,
    java/org/apache/jasper/security/SecurityClassLoad.java.
  - CVE-2014-7810

lp:ubuntu/utopic-security/tomcat7 2 Mature 2015-06-25 12:30:57 UTC
32. * SECURITY UPDATE: SecurityManager by...

Author: Marc Deslauriers
Revision Date: 2015-06-19 09:52:59 UTC

* SECURITY UPDATE: SecurityManager bypass via Expression Language
  - debian/patches/CVE-2014-7810.patch: handle classes that may not be
    accessible but have accessible interfaces in
    java/javax/el/BeanELResolver.java, remove unnecessary code in
    java/org/apache/jasper/runtime/PageContextImpl.java,
    java/org/apache/jasper/security/SecurityClassLoad.java.
  - CVE-2014-7810
* Replace expired ssl certs and use TLS to fix tests causing FTBFS:
  - debian/patches/0022-use-tls-in-ssl-unit-tests.patch
  - debian/patches/0023-replace-expired-ssl-certificates.patch
  - debian/source/include-binaries

lp:ubuntu/trusty-security/tomcat7 bug 2 Mature 2015-06-25 12:30:51 UTC
33. * SECURITY UPDATE: arbitrary file dis...

Author: Marc Deslauriers
Revision Date: 2015-06-19 12:30:21 UTC

* SECURITY UPDATE: arbitrary file disclosure via XML parser
  (LP: #1449975)
  - debian/patches/CVE-2014-0119.patch: add defensive coding and ensure
    TLD parser obtained from cache has correct value of blockExternal in
    java/org/apache/catalina/security/SecurityClassLoad.java,
    java/org/apache/catalina/servlets/DefaultServlet.java,
    java/org/apache/catalina/startup/TldConfig.java,
    java/org/apache/jasper/compiler/JspDocumentParser.java,
    java/org/apache/jasper/xmlparser/ParserUtils.java,
    java/org/apache/tomcat/util/security/PrivilegedGetTccl.java,
    java/org/apache/tomcat/util/security/PrivilegedSetTccl.java.
  - CVE-2014-0119
* SECURITY UPDATE: HTTP request smuggling or denial of service via
  streaming with malformed chunked transfer encoding (LP: #1449975)
  - debian/patches/CVE-2014-0227.patch: add error flag and improve i18n
    in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java,
    java/org/apache/coyote/http11/filters/LocalStrings.properties.
  - CVE-2014-0227
* SECURITY UPDATE: denial of service via aborted upload attempts
  (LP: #1449975)
  - debian/patches/CVE-2014-0230.patch: limit amount of data in
    java/org/apache/coyote/http11/AbstractHttp11Processor.java,
    java/org/apache/coyote/http11/AbstractHttp11Protocol.java,
    java/org/apache/coyote/http11/Http11AprProcessor.java,
    java/org/apache/coyote/http11/Http11AprProtocol.java,
    java/org/apache/coyote/http11/Http11NioProcessor.java,
    java/org/apache/coyote/http11/Http11NioProtocol.java,
    java/org/apache/coyote/http11/Http11Processor.java,
    java/org/apache/coyote/http11/Http11Protocol.java,
    java/org/apache/coyote/http11/filters/ChunkedInputFilter.java,
    java/org/apache/coyote/http11/filters/IdentityInputFilter.java,
    java/org/apache/coyote/http11/filters/LocalStrings.properties,
    test/org/apache/catalina/core/TestSwallowAbortedUploads.java,
    webapps/docs/config/http.xml.
  - CVE-2014-0230
* SECURITY UPDATE: SecurityManager bypass via Expression Language
  - debian/patches/CVE-2014-7810.patch: handle classes that may not be
    accessible but have accessible interfaces in
    java/javax/el/BeanELResolver.java, remove unnecessary code in
    java/org/apache/jasper/runtime/PageContextImpl.java,
    java/org/apache/jasper/security/SecurityClassLoad.java.
  - CVE-2014-7810
* Replace expired ssl certs and use TLS to fix tests causing FTBFS:
  - debian/patches/0022-use-tls-in-ssl-unit-tests.patch
  - debian/patches/0023-replace-expired-ssl-certificates.patch
  - debian/source/include-binaries

lp:ubuntu/vivid-security/tomcat7 2 Mature 2015-06-25 12:30:42 UTC
34. * SECURITY UPDATE: SecurityManager by...

Author: Marc Deslauriers
Revision Date: 2015-06-19 09:47:50 UTC

* SECURITY UPDATE: SecurityManager bypass via Expression Language
  - debian/patches/CVE-2014-7810.patch: handle classes that may not be
    accessible but have accessible interfaces in
    java/javax/el/BeanELResolver.java, remove unnecessary code in
    java/org/apache/jasper/runtime/PageContextImpl.java,
    java/org/apache/jasper/security/SecurityClassLoad.java.
  - CVE-2014-7810

lp:ubuntu/trusty-updates/tomcat7 2 Mature 2015-06-19 12:30:21 UTC
33. * SECURITY UPDATE: arbitrary file dis...

Author: Marc Deslauriers
Revision Date: 2015-06-19 12:30:21 UTC

* SECURITY UPDATE: arbitrary file disclosure via XML parser
  (LP: #1449975)
  - debian/patches/CVE-2014-0119.patch: add defensive coding and ensure
    TLD parser obtained from cache has correct value of blockExternal in
    java/org/apache/catalina/security/SecurityClassLoad.java,
    java/org/apache/catalina/servlets/DefaultServlet.java,
    java/org/apache/catalina/startup/TldConfig.java,
    java/org/apache/jasper/compiler/JspDocumentParser.java,
    java/org/apache/jasper/xmlparser/ParserUtils.java,
    java/org/apache/tomcat/util/security/PrivilegedGetTccl.java,
    java/org/apache/tomcat/util/security/PrivilegedSetTccl.java.
  - CVE-2014-0119
* SECURITY UPDATE: HTTP request smuggling or denial of service via
  streaming with malformed chunked transfer encoding (LP: #1449975)
  - debian/patches/CVE-2014-0227.patch: add error flag and improve i18n
    in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java,
    java/org/apache/coyote/http11/filters/LocalStrings.properties.
  - CVE-2014-0227
* SECURITY UPDATE: denial of service via aborted upload attempts
  (LP: #1449975)
  - debian/patches/CVE-2014-0230.patch: limit amount of data in
    java/org/apache/coyote/http11/AbstractHttp11Processor.java,
    java/org/apache/coyote/http11/AbstractHttp11Protocol.java,
    java/org/apache/coyote/http11/Http11AprProcessor.java,
    java/org/apache/coyote/http11/Http11AprProtocol.java,
    java/org/apache/coyote/http11/Http11NioProcessor.java,
    java/org/apache/coyote/http11/Http11NioProtocol.java,
    java/org/apache/coyote/http11/Http11Processor.java,
    java/org/apache/coyote/http11/Http11Protocol.java,
    java/org/apache/coyote/http11/filters/ChunkedInputFilter.java,
    java/org/apache/coyote/http11/filters/IdentityInputFilter.java,
    java/org/apache/coyote/http11/filters/LocalStrings.properties,
    test/org/apache/catalina/core/TestSwallowAbortedUploads.java,
    webapps/docs/config/http.xml.
  - CVE-2014-0230
* SECURITY UPDATE: SecurityManager bypass via Expression Language
  - debian/patches/CVE-2014-7810.patch: handle classes that may not be
    accessible but have accessible interfaces in
    java/javax/el/BeanELResolver.java, remove unnecessary code in
    java/org/apache/jasper/runtime/PageContextImpl.java,
    java/org/apache/jasper/security/SecurityClassLoad.java.
  - CVE-2014-7810
* Replace expired ssl certs and use TLS to fix tests causing FTBFS:
  - debian/patches/0022-use-tls-in-ssl-unit-tests.patch
  - debian/patches/0023-replace-expired-ssl-certificates.patch
  - debian/source/include-binaries

lp:ubuntu/vivid/tomcat7 2 Mature 2015-03-26 00:15:03 UTC
33. * Fix FTBFS error by making sure SSL ...

Author: Miguel Landaeta
Revision Date: 2015-03-26 00:15:03 UTC

* Fix FTBFS error by making sure SSL unit tests use TLS protocols.
  - SSLv3 and previous protocols are not secure and deprecated
    in JDK7.
  - Additionally, some X509 certificates provided by upstream expired
    and were causing failures in unit tests as well, so they were
    regenerated. (Closes: #780519).
* Fix FTBFS error by disabling some unit tests that depend on
  having network access.

lp:ubuntu/vivid-proposed/tomcat7 1 Development 2015-03-26 00:15:03 UTC
33. * Fix FTBFS error by making sure SSL ...

Author: Miguel Landaeta
Revision Date: 2015-03-26 00:15:03 UTC

* Fix FTBFS error by making sure SSL unit tests use TLS protocols.
  - SSLv3 and previous protocols are not secure and deprecated
    in JDK7.
  - Additionally, some X509 certificates provided by upstream expired
    and were causing failures in unit tests as well, so they were
    regenerated. (Closes: #780519).
* Fix FTBFS error by disabling some unit tests that depend on
  having network access.

lp:ubuntu/utopic/tomcat7 2 Mature 2014-07-29 17:25:50 UTC
31. * New upstream release * Refreshed th...

Author: Emmanuel Bourg
Revision Date: 2014-07-29 17:25:50 UTC

* New upstream release
* Refreshed the patches

lp:ubuntu/utopic-proposed/tomcat7 1 Development 2014-07-29 17:25:50 UTC
31. * New upstream release * Refreshed th...

Author: Emmanuel Bourg
Revision Date: 2014-07-29 17:25:50 UTC

* New upstream release
* Refreshed the patches

lp:ubuntu/saucy-updates/tomcat7 2 Mature 2014-03-06 14:05:20 UTC
29. * SECURITY UPDATE: request smuggling ...

Author: Marc Deslauriers
Revision Date: 2014-03-04 10:22:07 UTC

* SECURITY UPDATE: request smuggling attack via content-length headers
  - debian/patches/CVE-2013-4286.patch: use long as content length in
    java/org/apache/coyote/Request.java, handle multiple content lengths
    in java/org/apache/coyote/ajp/AbstractAjpProcessor.java, handle
    content length and chunked encoding being both specified in
    java/org/apache/coyote/http11/AbstractHttp11Processor.java.
  - CVE-2013-4286
* SECURITY UPDATE: denial of service via chunked transfer coding
  - debian/patches/CVE-2013-4322.patch: enforce maximum size in
    java/org/apache/coyote/http11/{AbstractHttp11Processor.java,
    AbstractHttp11Protocol.java, Http11AprProcessor.java,
    Http11AprProtocol.java, Http11NioProcessor.java,
    Http11NioProtocol.java, Http11Processor.java, Http11Protocol.java},
    java/org/apache/coyote/http11/filters/ChunkedInputFilter.java,
    test/org/apache/coyote/http11/filters/TestChunkedInputFilter.java,
    webapps/docs/config/http.xml.
  - CVE-2013-4322
* SECURITY UPDATE: denial of service via malformed content-type header
  - debian/patches/CVE-2014-0050.patch: validate sizes in
    java/org/apache/tomcat/util/http/fileupload/FileUploadBase.java,
    java/org/apache/tomcat/util/http/fileupload/MultipartStream.java.
  - CVE-2014-0050

lp:ubuntu/saucy-security/tomcat7 2 Mature 2014-03-06 13:31:09 UTC
29. * SECURITY UPDATE: request smuggling ...

Author: Marc Deslauriers
Revision Date: 2014-03-04 10:22:07 UTC

* SECURITY UPDATE: request smuggling attack via content-length headers
  - debian/patches/CVE-2013-4286.patch: use long as content length in
    java/org/apache/coyote/Request.java, handle multiple content lengths
    in java/org/apache/coyote/ajp/AbstractAjpProcessor.java, handle
    content length and chunked encoding being both specified in
    java/org/apache/coyote/http11/AbstractHttp11Processor.java.
  - CVE-2013-4286
* SECURITY UPDATE: denial of service via chunked transfer coding
  - debian/patches/CVE-2013-4322.patch: enforce maximum size in
    java/org/apache/coyote/http11/{AbstractHttp11Processor.java,
    AbstractHttp11Protocol.java, Http11AprProcessor.java,
    Http11AprProtocol.java, Http11NioProcessor.java,
    Http11NioProtocol.java, Http11Processor.java, Http11Protocol.java},
    java/org/apache/coyote/http11/filters/ChunkedInputFilter.java,
    test/org/apache/coyote/http11/filters/TestChunkedInputFilter.java,
    webapps/docs/config/http.xml.
  - CVE-2013-4322
* SECURITY UPDATE: denial of service via malformed content-type header
  - debian/patches/CVE-2014-0050.patch: validate sizes in
    java/org/apache/tomcat/util/http/fileupload/FileUploadBase.java,
    java/org/apache/tomcat/util/http/fileupload/MultipartStream.java.
  - CVE-2014-0050

lp:ubuntu/quantal-security/tomcat7 bug 2 Mature 2014-03-04 10:45:20 UTC
24. * SECURITY UPDATE: request smuggling ...

Author: Marc Deslauriers
Revision Date: 2014-03-04 10:45:20 UTC

* SECURITY UPDATE: request smuggling attack via content-length headers
  - debian/patches/CVE-2013-4286.patch: use long as content length in
    java/org/apache/coyote/Request.java, handle multiple content lengths
    in java/org/apache/coyote/ajp/AbstractAjpProcessor.java, handle
    content length and chunked encoding being both specified in
    java/org/apache/coyote/http11/AbstractHttp11Processor.java.
  - CVE-2013-4286
* SECURITY UPDATE: denial of service via chunked transfer coding
  - debian/patches/CVE-2013-4322.patch: enforce maximum size in
    java/org/apache/coyote/http11/{AbstractHttp11Processor.java,
    AbstractHttp11Protocol.java, Http11AprProcessor.java,
    Http11AprProtocol.java, Http11NioProcessor.java,
    Http11NioProtocol.java, Http11Processor.java, Http11Protocol.java},
    java/org/apache/coyote/http11/filters/ChunkedInputFilter.java,
    test/org/apache/coyote/http11/filters/TestChunkedInputFilter.java,
    webapps/docs/config/http.xml.
  - CVE-2013-4322
* SECURITY UPDATE: denial of service via malformed content-type header
  - debian/patches/CVE-2014-0050.patch: validate sizes in
    java/org/apache/tomcat/util/http/fileupload/FileUploadBase.java,
    java/org/apache/tomcat/util/http/fileupload/MultipartStream.java.
  - CVE-2014-0050
* d/p/0018-update-test-certificates.patch: remove binary parts to
  support newer quilt.

lp:ubuntu/quantal-updates/tomcat7 2 Mature 2014-03-04 10:45:20 UTC
24. * SECURITY UPDATE: request smuggling ...

Author: Marc Deslauriers
Revision Date: 2014-03-04 10:45:20 UTC

* SECURITY UPDATE: request smuggling attack via content-length headers
  - debian/patches/CVE-2013-4286.patch: use long as content length in
    java/org/apache/coyote/Request.java, handle multiple content lengths
    in java/org/apache/coyote/ajp/AbstractAjpProcessor.java, handle
    content length and chunked encoding being both specified in
    java/org/apache/coyote/http11/AbstractHttp11Processor.java.
  - CVE-2013-4286
* SECURITY UPDATE: denial of service via chunked transfer coding
  - debian/patches/CVE-2013-4322.patch: enforce maximum size in
    java/org/apache/coyote/http11/{AbstractHttp11Processor.java,
    AbstractHttp11Protocol.java, Http11AprProcessor.java,
    Http11AprProtocol.java, Http11NioProcessor.java,
    Http11NioProtocol.java, Http11Processor.java, Http11Protocol.java},
    java/org/apache/coyote/http11/filters/ChunkedInputFilter.java,
    test/org/apache/coyote/http11/filters/TestChunkedInputFilter.java,
    webapps/docs/config/http.xml.
  - CVE-2013-4322
* SECURITY UPDATE: denial of service via malformed content-type header
  - debian/patches/CVE-2014-0050.patch: validate sizes in
    java/org/apache/tomcat/util/http/fileupload/FileUploadBase.java,
    java/org/apache/tomcat/util/http/fileupload/MultipartStream.java.
  - CVE-2014-0050
* d/p/0018-update-test-certificates.patch: remove binary parts to
  support newer quilt.

lp:ubuntu/trusty-proposed/tomcat7 2 Mature 2014-02-19 14:09:48 UTC
27. * Team upload. * New upstream release...

Author: Gianfranco Costamagna
Revision Date: 2014-02-19 14:09:48 UTC

* Team upload.
* New upstream release.
  - Addresses security issue: CVE-2014-0050

lp:ubuntu/trusty/tomcat7 bug 1 Development 2014-02-19 14:09:48 UTC
31. * Team upload. * New upstream release...

Author: Gianfranco Costamagna
Revision Date: 2014-02-19 14:09:48 UTC

* Team upload.
* New upstream release.
  - Addresses security issue: CVE-2014-0050

lp:~yolanda.robla/ubuntu/trusty/tomcat7/add_distribution_static_right_author (Has a merge proposal) 1 Development 2013-12-03 12:34:19 UTC
29. * debian/patches/fix-distribution.p...

Author: Yolanda Robla
Revision Date: 2013-12-03 12:33:58 UTC

  * debian/patches/fix-distribution.patch: show distribution instead of OS name
  * debian/control: add lsb-release as build dependency

lp:ubuntu/saucy/tomcat7 2 Mature 2013-07-16 17:34:58 UTC
28. [ Gianfranco Costamagna ] * Team uplo...

Author: Gianfranco Costamagna
Revision Date: 2013-07-16 17:34:58 UTC

[ Gianfranco Costamagna ]
* Team upload.
* New upstream release.
* Added libhamcrest-java >= 1.3 as build-dep,
  tweaked debian/rules.
* Bumped compat level to 9.
* Removed some version checks, newer releases already in oldstable.
* Refresh patches.
* debian/control: changed Vcs-Git and Vcs-Browser fields,
  now they are canonical.
* Fixed error message in Tomcat init script,
  patch by Thijs Kinkhorst (Closes: #714348)

lp:ubuntu/saucy-proposed/tomcat7 1 Development 2013-07-16 17:34:58 UTC
24. [ Gianfranco Costamagna ] * Team uplo...

Author: Gianfranco Costamagna
Revision Date: 2013-07-16 17:34:58 UTC

[ Gianfranco Costamagna ]
* Team upload.
* New upstream release.
* Added libhamcrest-java >= 1.3 as build-dep,
  tweaked debian/rules.
* Bumped compat level to 9.
* Removed some version checks, newer releases already in oldstable.
* Refresh patches.
* debian/control: changed Vcs-Git and Vcs-Browser fields,
  now they are canonical.
* Fixed error message in Tomcat init script,
  patch by Thijs Kinkhorst (Closes: #714348)

lp:ubuntu/raring-updates/tomcat7 2 Mature 2013-05-28 18:15:24 UTC
26. * SECURITY UPDATE: information leak v...

Author: Marc Deslauriers
Revision Date: 2013-05-21 10:07:15 UTC

* SECURITY UPDATE: information leak via AsyncListeners and
  RuntimeExceptions (LP: #1178645)
  - debian/patches/CVE-2013-2071.patch: catch RuntimeExceptions in
    java/org/apache/catalina/core/AsyncContextImpl.java, added tests to
    test/org/apache/catalina/core/TestAsyncContextImpl.java.
  - CVE-2013-2071

lp:ubuntu/raring-security/tomcat7 bug 2 Mature 2013-05-28 17:09:36 UTC
26. * SECURITY UPDATE: information leak v...

Author: Marc Deslauriers
Revision Date: 2013-05-21 10:07:15 UTC

* SECURITY UPDATE: information leak via AsyncListeners and
  RuntimeExceptions (LP: #1178645)
  - debian/patches/CVE-2013-2071.patch: catch RuntimeExceptions in
    java/org/apache/catalina/core/AsyncContextImpl.java, added tests to
    test/org/apache/catalina/core/TestAsyncContextImpl.java.
  - CVE-2013-2071

lp:ubuntu/raring/tomcat7 2 Mature 2013-04-08 13:55:29 UTC
25. * Fix FTBFS due to expired test certi...

Author: James Page
Revision Date: 2013-04-08 14:02:42 UTC

* Fix FTBFS due to expired test certificates (LP: #1166187):
  - d/keystores/*.jks: Newer keystores from upstream 7.0.39.
  - d/rules: Install newer keystores for testing, tidy up after use.
  - d/p/0018-update-test-certificates.patch: Cherry picked fixes from
    upstream VCS to update text based certificates.

lp:ubuntu/raring-proposed/tomcat7 bug 1 Development 2013-04-08 13:55:29 UTC
25. * Fix FTBFS due to expired test certi...

Author: James Page
Revision Date: 2013-04-08 14:02:42 UTC

* Fix FTBFS due to expired test certificates (LP: #1166187):
  - d/keystores/*.jks: Newer keystores from upstream 7.0.39.
  - d/rules: Install newer keystores for testing, tidy up after use.
  - d/p/0018-update-test-certificates.patch: Cherry picked fixes from
    upstream VCS to update text based certificates.

lp:ubuntu/precise-security/tomcat7 bug 2 Mature 2013-04-01 21:20:56 UTC
13. [Christian Kuersteiner] * SECURITY UP...

Author: Christian Kuersteiner
Revision Date: 2013-03-19 14:48:19 UTC

[Christian Kuersteiner]
* SECURITY UPDATE: Fix multiple vulnerabilities in Tomcat7
  (LP: #1115053)
  - debian/patches/0013-CVE-2012-2733.patch: Fix for Apache Tomcat Denial of
    Service. Based on upstream patch.
  - CVE-2012-2733
  - debian/patches/0014-CVE-2012-3546.patch: Fix for bypass of security
    constraints. Based on upstream patch.
  - CVE-2012-3546
  - debian/patches/0015-CVE-2012-4431.patch: Fix for bypass of CSRF prevention
    filter. Based on upstream patch.
  - CVE-2012-4431
  - debian/patches/0016-CVE-2012-4534.patch: Fix for CVE-2012-4534 Denial of
    Service Vulnerability. Based on upstream patch.
  - CVE-2012-4534
  - debian/patches/CVE-2012-3439.patch: Fix for DIGEST authentication
    weaknesses. Based on upstream patch.
  - CVE-2012-3439, CVE-2012-5885, CVE-2012-5886, 2012-5887

[ Jamie Strandboge ]
* allow for easily running the testsuite:
  - debian/control: add testsuite build-depends
  - debian/rules:
    + add 'testsuite' target
    + add ANT_TS_ARGS for use in the testsuite target
    + cleanup the testsuite
  - add debian/README.source for information on how to use the testsuite

lp:ubuntu/precise-updates/tomcat7 2 Mature 2013-03-19 14:48:19 UTC
13. [Christian Kuersteiner] * SECURITY UP...

Author: Christian Kuersteiner
Revision Date: 2013-03-19 14:48:19 UTC

[Christian Kuersteiner]
* SECURITY UPDATE: Fix multiple vulnerabilities in Tomcat7
  (LP: #1115053)
  - debian/patches/0013-CVE-2012-2733.patch: Fix for Apache Tomcat Denial of
    Service. Based on upstream patch.
  - CVE-2012-2733
  - debian/patches/0014-CVE-2012-3546.patch: Fix for bypass of security
    constraints. Based on upstream patch.
  - CVE-2012-3546
  - debian/patches/0015-CVE-2012-4431.patch: Fix for bypass of CSRF prevention
    filter. Based on upstream patch.
  - CVE-2012-4431
  - debian/patches/0016-CVE-2012-4534.patch: Fix for CVE-2012-4534 Denial of
    Service Vulnerability. Based on upstream patch.
  - CVE-2012-4534
  - debian/patches/CVE-2012-3439.patch: Fix for DIGEST authentication
    weaknesses. Based on upstream patch.
  - CVE-2012-3439, CVE-2012-5885, CVE-2012-5886, 2012-5887

[ Jamie Strandboge ]
* allow for easily running the testsuite:
  - debian/control: add testsuite build-depends
  - debian/rules:
    + add 'testsuite' target
    + add ANT_TS_ARGS for use in the testsuite target
    + cleanup the testsuite
  - add debian/README.source for information on how to use the testsuite

lp:ubuntu/oneiric-updates/tomcat7 2 Mature 2013-03-16 08:11:22 UTC
8. [Christian Kuersteiner] * SECURITY UP...

Author: Christian Kuersteiner
Revision Date: 2013-03-15 15:40:27 UTC

[Christian Kuersteiner]
* SECURITY UPDATE: Fix multiple vulnerabilities in Tomcat7
  (LP: #1115053)
  - debian/patches/CVE-2012-0022.patch: Fix for Denial of service. Based on
    upstream patch.
  - CVE-2012-0022, CVE-2011-4858
  - debian/patches/CVE-2011-3375.patch: Fix for information disclosure. Based
    on upstream patch.
  - CVE-2011-3375
  - debian/patches/CVE-2011-3376.patch: Fix for privilege escalation. Based on
    upstream patch.
  - CVE-2011-3376
  - debian/patches/CVE-2012-2733.patch: Fix for Apache Tomcat Denial of
    Service. Based on upstream patch.
  - CVE-2012-2733
  - debian/patches/CVE-2012-3546.patch: Fix for bypass of security
    constraints. Based on upstream patch.
  - CVE-2012-3546
  - debian/patches/CVE-2012-4431.patch: Fix for bypass of CSRF prevention
    filter. Based on upstream patch.
  - CVE-2012-4431
  - debian/patches/CVE-2012-4534.patch: Fix for CVE-2012-4534 Denial of
    Service Vulnerability. Based on upstream patch.
  - CVE-2012-4534
  - debian/patches/CVE-2012-3439.patch: Fix for DIGEST authentication
    weaknesses. Based on upstream patch.
  - CVE-2012-3439, CVE-2012-5885, CVE-2012-5886, 2012-5887

[ Jamie Strandboge ]
* allow for easily running the testsuite:
  - debian/control: add testsuite build-depends
  - debian/rules:
    + add 'testsuite' target
    + add ANT_TS_ARGS for use in the testsuite target
    + cleanup the testsuite
  - add debian/README.source for information on how to use the testsuite

lp:ubuntu/oneiric-security/tomcat7 bug 2 Mature 2013-03-16 07:41:57 UTC
8. [Christian Kuersteiner] * SECURITY UP...

Author: Christian Kuersteiner
Revision Date: 2013-03-15 15:40:27 UTC

[Christian Kuersteiner]
* SECURITY UPDATE: Fix multiple vulnerabilities in Tomcat7
  (LP: #1115053)
  - debian/patches/CVE-2012-0022.patch: Fix for Denial of service. Based on
    upstream patch.
  - CVE-2012-0022, CVE-2011-4858
  - debian/patches/CVE-2011-3375.patch: Fix for information disclosure. Based
    on upstream patch.
  - CVE-2011-3375
  - debian/patches/CVE-2011-3376.patch: Fix for privilege escalation. Based on
    upstream patch.
  - CVE-2011-3376
  - debian/patches/CVE-2012-2733.patch: Fix for Apache Tomcat Denial of
    Service. Based on upstream patch.
  - CVE-2012-2733
  - debian/patches/CVE-2012-3546.patch: Fix for bypass of security
    constraints. Based on upstream patch.
  - CVE-2012-3546
  - debian/patches/CVE-2012-4431.patch: Fix for bypass of CSRF prevention
    filter. Based on upstream patch.
  - CVE-2012-4431
  - debian/patches/CVE-2012-4534.patch: Fix for CVE-2012-4534 Denial of
    Service Vulnerability. Based on upstream patch.
  - CVE-2012-4534
  - debian/patches/CVE-2012-3439.patch: Fix for DIGEST authentication
    weaknesses. Based on upstream patch.
  - CVE-2012-3439, CVE-2012-5885, CVE-2012-5886, 2012-5887

[ Jamie Strandboge ]
* allow for easily running the testsuite:
  - debian/control: add testsuite build-depends
  - debian/rules:
    + add 'testsuite' target
    + add ANT_TS_ARGS for use in the testsuite target
    + cleanup the testsuite
  - add debian/README.source for information on how to use the testsuite

lp:ubuntu/quantal/tomcat7 bug 2 Mature 2012-09-17 10:14:50 UTC
21. * New upstream point release includin...

Author: James Page
Revision Date: 2012-09-17 10:52:06 UTC

* New upstream point release including several fixes for Java 7
  specific issues.
* Refreshed patches.

lp:ubuntu/precise-proposed/tomcat7 bug 2 Mature 2012-07-19 15:50:08 UTC
13. * Fix handling of JNDI lookups using ...

Author: James Page
Revision Date: 2012-07-12 21:52:17 UTC

* Fix handling of JNDI lookups using javax.naming.Name (LP: #1012794):
  - d/patches/0012-lp-1012794-fix-jndi-lookup.patch: Cherry picked patch
    from upstream VCS which ensures that JNDI lookups that use Name
    rather than String don't fail.

lp:ubuntu/precise/tomcat7 bug 2 Mature 2012-04-11 11:08:29 UTC
12. * Handle creation of user instances w...

Author: James Page
Revision Date: 2012-04-11 10:49:51 UTC

* Handle creation of user instances with pathnames containing spaces
  (LP: #977498):
  - d/tomcat7-instance-create: Quote access to files and directories
    so that spaces can be used when creating user instances.

lp:ubuntu/oneiric/tomcat7 2 Mature 2011-09-07 09:45:29 UTC
7. * New upstream release. - Includes ...

Author: James Page
Revision Date: 2011-09-07 09:45:29 UTC

* New upstream release.
  - Includes fix for CVE-2011-3190.
* Updated my email address.

1-33 of 33 results