Branches for Oneiric

Author: James Page
Revision Date: 2011-09-08 14:45:34 UTC

Added patch for CVE-2011-3190 (LP: #843701).

Author: Marc Deslauriers
Revision Date: 2012-01-25 09:00:23 UTC

* SECURITY UPDATE: cross-request information leakage
  - debian/patches/0016-CVE-2011-3375.patch: ensure that the request and
    response objects are recycled after being re-populated in
    java/org/apache/catalina/connector/CoyoteAdapter.java,
    java/org/apache/coyote/ajp/AjpAprProcessor.java,
    java/org/apache/coyote/ajp/AjpProcessor.java,
    java/org/apache/coyote/http11/Http11AprProcessor.java,
    java/org/apache/coyote/http11/Http11NioProcessor.java,
    java/org/apache/coyote/http11/Http11Processor.java.
  - CVE-2011-3375
* SECURITY UPDATE: denial of service via hash collision and incorrect
  handling of large numbers of parameters and parameter values
  (LP: #909828)
  - debian/patches/0017-CVE-2012-0022.patch: refactor parameter handling
    code in conf/web.xml,
    java/org/apache/catalina/connector/Connector.java,
    java/org/apache/catalina/connector/mbeans-descriptors.xml,
    java/org/apache/catalina/connector/Request.java,
    java/org/apache/catalina/filters/FilterBase.java,
    java/org/apache/catalina/filters/FailedRequestFilter.java,
    java/org/apache/catalina/Globals.java,
    java/org/apache/coyote/Request.java,
    java/org/apache/tomcat/util/buf/B2CConverter.java,
    java/org/apache/tomcat/util/buf/ByteChunk.java,
    java/org/apache/tomcat/util/buf/MessageBytes.java,
    java/org/apache/tomcat/util/buf/StringCache.java,
    java/org/apache/tomcat/util/http/LocalStrings.properties,
    java/org/apache/tomcat/util/http/Parameters.java,
    webapps/docs/config/ajp.xml,
    webapps/docs/config/filter.xml,
    webapps/docs/config/http.xml.
  - CVE-2011-4858
  - CVE-2012-0022

Author: Marc Deslauriers
Revision Date: 2013-01-10 10:00:07 UTC

* SECURITY UPDATE: security-constraint bypass with FORM auth
  - debian/patches/CVE-2012-3546.patch: remove unneeded code in
    java/org/apache/catalina/realm/RealmBase.java.
  - CVE-2012-3546
* SECURITY UPDATE: CSRF bypass via request with no session identifier
  - debian/patches/CVE-2012-4431.patch: check for session identifier in
    java/org/apache/catalina/filters/CsrfPreventionFilter.java.
  - CVE-2012-4431
* SECURITY UPDATE: denial of service with NIO connector
  - debian/patches/CVE-2012-4534.patch: properly handle connection breaks
    in java/org/apache/tomcat/util/net/NioEndpoint.java.
  - CVE-2012-4534

Author: Marc Deslauriers
Revision Date: 2013-01-10 10:00:07 UTC

* SECURITY UPDATE: security-constraint bypass with FORM auth
  - debian/patches/CVE-2012-3546.patch: remove unneeded code in
    java/org/apache/catalina/realm/RealmBase.java.
  - CVE-2012-3546
* SECURITY UPDATE: CSRF bypass via request with no session identifier
  - debian/patches/CVE-2012-4431.patch: check for session identifier in
    java/org/apache/catalina/filters/CsrfPreventionFilter.java.
  - CVE-2012-4431
* SECURITY UPDATE: denial of service with NIO connector
  - debian/patches/CVE-2012-4534.patch: properly handle connection breaks
    in java/org/apache/tomcat/util/net/NioEndpoint.java.
  - CVE-2012-4534

Author: James Page
Revision Date: 2011-09-08 13:50:05 UTC

Added patch for CVE-2011-3190 (LP: #843701).