Branches for Trusty

Name Status Last Modified Last Commit
lp:ubuntu/trusty-proposed/tomcat7 2 Mature 2014-02-19 14:09:48 UTC
27. * Team upload. * New upstream release...

Author: Gianfranco Costamagna
Revision Date: 2014-02-19 14:09:48 UTC

* Team upload.
* New upstream release.
  - Addresses security issue: CVE-2014-0050

lp:ubuntu/trusty-security/tomcat7 2 Mature 2015-06-25 12:30:51 UTC
33. * SECURITY UPDATE: arbitrary file dis...

Author: Marc Deslauriers
Revision Date: 2015-06-19 12:30:21 UTC

* SECURITY UPDATE: arbitrary file disclosure via XML parser
  (LP: #1449975)
  - debian/patches/CVE-2014-0119.patch: add defensive coding and ensure
    TLD parser obtained from cache has correct value of blockExternal in
    java/org/apache/catalina/security/SecurityClassLoad.java,
    java/org/apache/catalina/servlets/DefaultServlet.java,
    java/org/apache/catalina/startup/TldConfig.java,
    java/org/apache/jasper/compiler/JspDocumentParser.java,
    java/org/apache/jasper/xmlparser/ParserUtils.java,
    java/org/apache/tomcat/util/security/PrivilegedGetTccl.java,
    java/org/apache/tomcat/util/security/PrivilegedSetTccl.java.
  - CVE-2014-0119
* SECURITY UPDATE: HTTP request smuggling or denial of service via
  streaming with malformed chunked transfer encoding (LP: #1449975)
  - debian/patches/CVE-2014-0227.patch: add error flag and improve i18n
    in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java,
    java/org/apache/coyote/http11/filters/LocalStrings.properties.
  - CVE-2014-0227
* SECURITY UPDATE: denial of service via aborted upload attempts
  (LP: #1449975)
  - debian/patches/CVE-2014-0230.patch: limit amount of data in
    java/org/apache/coyote/http11/AbstractHttp11Processor.java,
    java/org/apache/coyote/http11/AbstractHttp11Protocol.java,
    java/org/apache/coyote/http11/Http11AprProcessor.java,
    java/org/apache/coyote/http11/Http11AprProtocol.java,
    java/org/apache/coyote/http11/Http11NioProcessor.java,
    java/org/apache/coyote/http11/Http11NioProtocol.java,
    java/org/apache/coyote/http11/Http11Processor.java,
    java/org/apache/coyote/http11/Http11Protocol.java,
    java/org/apache/coyote/http11/filters/ChunkedInputFilter.java,
    java/org/apache/coyote/http11/filters/IdentityInputFilter.java,
    java/org/apache/coyote/http11/filters/LocalStrings.properties,
    test/org/apache/catalina/core/TestSwallowAbortedUploads.java,
    webapps/docs/config/http.xml.
  - CVE-2014-0230
* SECURITY UPDATE: SecurityManager bypass via Expression Language
  - debian/patches/CVE-2014-7810.patch: handle classes that may not be
    accessible but have accessible interfaces in
    java/javax/el/BeanELResolver.java, remove unnecessary code in
    java/org/apache/jasper/runtime/PageContextImpl.java,
    java/org/apache/jasper/security/SecurityClassLoad.java.
  - CVE-2014-7810
* Replace expired ssl certs and use TLS to fix tests causing FTBFS:
  - debian/patches/0022-use-tls-in-ssl-unit-tests.patch
  - debian/patches/0023-replace-expired-ssl-certificates.patch
  - debian/source/include-binaries

lp:ubuntu/trusty-updates/tomcat7 2 Mature 2015-06-19 12:30:21 UTC
33. * SECURITY UPDATE: arbitrary file dis...

Author: Marc Deslauriers
Revision Date: 2015-06-19 12:30:21 UTC

* SECURITY UPDATE: arbitrary file disclosure via XML parser
  (LP: #1449975)
  - debian/patches/CVE-2014-0119.patch: add defensive coding and ensure
    TLD parser obtained from cache has correct value of blockExternal in
    java/org/apache/catalina/security/SecurityClassLoad.java,
    java/org/apache/catalina/servlets/DefaultServlet.java,
    java/org/apache/catalina/startup/TldConfig.java,
    java/org/apache/jasper/compiler/JspDocumentParser.java,
    java/org/apache/jasper/xmlparser/ParserUtils.java,
    java/org/apache/tomcat/util/security/PrivilegedGetTccl.java,
    java/org/apache/tomcat/util/security/PrivilegedSetTccl.java.
  - CVE-2014-0119
* SECURITY UPDATE: HTTP request smuggling or denial of service via
  streaming with malformed chunked transfer encoding (LP: #1449975)
  - debian/patches/CVE-2014-0227.patch: add error flag and improve i18n
    in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java,
    java/org/apache/coyote/http11/filters/LocalStrings.properties.
  - CVE-2014-0227
* SECURITY UPDATE: denial of service via aborted upload attempts
  (LP: #1449975)
  - debian/patches/CVE-2014-0230.patch: limit amount of data in
    java/org/apache/coyote/http11/AbstractHttp11Processor.java,
    java/org/apache/coyote/http11/AbstractHttp11Protocol.java,
    java/org/apache/coyote/http11/Http11AprProcessor.java,
    java/org/apache/coyote/http11/Http11AprProtocol.java,
    java/org/apache/coyote/http11/Http11NioProcessor.java,
    java/org/apache/coyote/http11/Http11NioProtocol.java,
    java/org/apache/coyote/http11/Http11Processor.java,
    java/org/apache/coyote/http11/Http11Protocol.java,
    java/org/apache/coyote/http11/filters/ChunkedInputFilter.java,
    java/org/apache/coyote/http11/filters/IdentityInputFilter.java,
    java/org/apache/coyote/http11/filters/LocalStrings.properties,
    test/org/apache/catalina/core/TestSwallowAbortedUploads.java,
    webapps/docs/config/http.xml.
  - CVE-2014-0230
* SECURITY UPDATE: SecurityManager bypass via Expression Language
  - debian/patches/CVE-2014-7810.patch: handle classes that may not be
    accessible but have accessible interfaces in
    java/javax/el/BeanELResolver.java, remove unnecessary code in
    java/org/apache/jasper/runtime/PageContextImpl.java,
    java/org/apache/jasper/security/SecurityClassLoad.java.
  - CVE-2014-7810
* Replace expired ssl certs and use TLS to fix tests causing FTBFS:
  - debian/patches/0022-use-tls-in-ssl-unit-tests.patch
  - debian/patches/0023-replace-expired-ssl-certificates.patch
  - debian/source/include-binaries

lp:ubuntu/trusty/tomcat7 1 Development 2014-02-19 14:09:48 UTC
31. * Team upload. * New upstream release...

Author: Gianfranco Costamagna
Revision Date: 2014-02-19 14:09:48 UTC

* Team upload.
* New upstream release.
  - Addresses security issue: CVE-2014-0050

lp:~yolanda.robla/ubuntu/trusty/tomcat7/add_distribution_static_right_author (Has a merge proposal) 1 Development 2013-12-03 12:34:19 UTC
29. * debian/patches/fix-distribution.p...

Author: Yolanda Robla
Revision Date: 2013-12-03 12:33:58 UTC

  * debian/patches/fix-distribution.patch: show distribution instead of OS name
  * debian/control: add lsb-release as build dependency

1 to 5 of 5 results