Branches for Lucid

Name Status Last Modified Last Commit
lp:ubuntu/lucid-proposed/tomcat6 bug 2 Mature 2012-01-25 14:35:46 UTC
24. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2012-01-25 14:35:46 UTC

* SECURITY UPDATE: denial of service via hash collision and incorrect
  handling of large numbers of parameters and parameter values
  (LP: #909828)
  - debian/patches/0019-CVE-2012-0022.patch: refactor parameter handling
    code in conf/web.xml,
    java/org/apache/catalina/connector/Connector.java,
    java/org/apache/catalina/connector/mbeans-descriptors.xml,
    java/org/apache/catalina/connector/Request.java,
    java/org/apache/catalina/filters/FailedRequestFilter.java,
    java/org/apache/catalina/Globals.java,
    java/org/apache/coyote/Request.java,
    java/org/apache/tomcat/util/buf/B2CConverter.java,
    java/org/apache/tomcat/util/buf/ByteChunk.java,
    java/org/apache/tomcat/util/buf/MessageBytes.java,
    java/org/apache/tomcat/util/buf/StringCache.java,
    java/org/apache/tomcat/util/http/LocalStrings.properties,
    java/org/apache/tomcat/util/http/Parameters.java,
    webapps/docs/config/ajp.xml,
    webapps/docs/config/http.xml.
  - CVE-2011-4858
  - CVE-2012-0022

lp:ubuntu/lucid-security/tomcat6 bug 2 Mature 2014-07-24 15:49:36 UTC
29. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-07-24 15:49:36 UTC

* SECURITY UPDATE: denial of service via malformed chunk size
  - debian/patches/CVE-2014-0075.patch: fix overflow in
    java/org/apache/coyote/http11/filters/ChunkedInputFilter.java.
  - CVE-2014-0075
* SECURITY UPDATE: file disclosure via XXE issue
  - debian/patches/CVE-2014-0096.patch: change globalXsltFile to be a
    relative path in conf/web.xml,
    java/org/apache/catalina/servlets/DefaultServlet.java,
    java/org/apache/catalina/servlets/LocalStrings.properties,
    webapps/docs/default-servlet.xml.
  - CVE-2014-0096
* SECURITY UPDATE: HTTP request smuggling attack via crafted
  Content-Length HTTP header
  - debian/patches/CVE-2014-0099.patch: correctly handle long values in
    java/org/apache/tomcat/util/buf/Ascii.java.
  - CVE-2014-0099

lp:ubuntu/lucid-updates/tomcat6 2 Mature 2014-07-24 15:49:36 UTC
29. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2014-07-24 15:49:36 UTC

* SECURITY UPDATE: denial of service via malformed chunk size
  - debian/patches/CVE-2014-0075.patch: fix overflow in
    java/org/apache/coyote/http11/filters/ChunkedInputFilter.java.
  - CVE-2014-0075
* SECURITY UPDATE: file disclosure via XXE issue
  - debian/patches/CVE-2014-0096.patch: change globalXsltFile to be a
    relative path in conf/web.xml,
    java/org/apache/catalina/servlets/DefaultServlet.java,
    java/org/apache/catalina/servlets/LocalStrings.properties,
    webapps/docs/default-servlet.xml.
  - CVE-2014-0096
* SECURITY UPDATE: HTTP request smuggling attack via crafted
  Content-Length HTTP header
  - debian/patches/CVE-2014-0099.patch: correctly handle long values in
    java/org/apache/tomcat/util/buf/Ascii.java.
  - CVE-2014-0099

lp:~james-page/ubuntu/lucid/tomcat6/CVE-2011-3190 bug 1 Development 2011-09-26 10:16:57 UTC
23. * SECURITY UPDATE: Apache Tomcat Auth...

Author: James Page
Revision Date: 2011-09-26 10:14:08 UTC

* SECURITY UPDATE: Apache Tomcat Authentication bypass and information
  disclosure (LP: #843701).
 - d/patches/0015-CVE-2011-3190.patch: Patch from upstream to Prevent AJP
   request forgery via unread request body packet.
 - CVE-2011-3190

lp:~mjeanson/ubuntu/lucid/tomcat6/bug632554 bug 1 Development 2010-12-08 18:33:40 UTC
23. Fix LP: #632554

Author: Michael Jeanson
Revision Date: 2010-12-08 18:14:00 UTC

Fix LP: #632554

lp:ubuntu/lucid/tomcat6 bug 1 Development 2010-03-31 10:14:18 UTC
19. [ Thierry Carrez ] * Uploading what 6...

Author: Thierry Carrez
Revision Date: 2010-03-31 10:14:18 UTC

[ Thierry Carrez ]
* Uploading what 6.0.24-5 should be (upload is blocked in Debian due to
  current infrastructure issues), in order to meet Beta2Freeze.

[ Niels Thykier ]
* Added optimised garbage collection options to tomcat6's default options.
  Thanks to Aaron J. Zirbes and Thierry Carrez for research and the patch.
  (Closes: LP: #541520)
* Updated the changelog to mention closed CVEs in the 6.0.24-1 release.
* Applied patch from Arto Jantunen fixing an issue with cleaning up the
  pid-file. (Closes: #574084)

[ Ludovic Claude ]
* debian/tomcat6.postrm: fix removal of Tomcat (Closes: #567548)
* Set UTF-8 as default character encoding - Patch by Thomas Koch
  (Closes: #573539)
* Set the major, minor and build versions when calling Ant
  (Closes: LP: #495505)
* Rebuild with a more recent version of maven-repo-helper which puts
  the javax jars at the correct location in the Maven repository.
  Fixes several FTBFS in other packages.

1 to 6 of 6 results