lp:ubuntu/karmic-security/tomcat6
- Get this branch:
- bzr branch lp:ubuntu/karmic-security/tomcat6
Recent revisions
- 17. By Marc Deslauriers
* SECURITY UPDATE: directory traversal via incorrect ServletContext
  attribute (LP: #717396)
  - debian/patches/0012-CVE-2010-3718.patch: mark as read only in
    java/org/apache/catalina/core/StandardContext.java.
  - CVE-2010-3718
* SECURITY UPDATE: cross-site scripting in HTML Manager interface
  - debian/patches/0013-CVE-2011-0013.patch: properly filter values in
    java/org/apache/catalina/manager/{HTMLManagerServlet.java,
    StatusTransformer.java}.
  - CVE-2011-0013
* SECURITY UPDATE: denial of service via NIOS HTTP connector
  (LP: #714239, LP: #717396)
  - debian/patches/0014-CVE-2011-0534.patch: enforce proper size in
    java/org/apache/coyote/http11/InternalNioInputBuffer.java.
  - CVE-2011-0534
- 16. By Marc Deslauriers
* SECURITY UPDATE: cross-site scripting in Manager application
  - debian/patches/0011-CVE-2010-4172.patch: add proper escaping to
    java/org/apache/catalina/manager/JspHelper.java,
    webapps/manager/{sessionDetail,sessionsList}.jsp.
  - patch backported from Debian 6.0.28-9 package
  - CVE-2010-4172
- 15. By Marc Deslauriers
* SECURITY UPDATE: denial of service and possible information disclosure
  via crafted header
  - debian/patches/CVE-2010-2227.patch: fix filter logic in
    java/org/apache/coyote/http11/{Http11AprProcessor,Http11NioProcessor,
    Http11Processor,filters/BufferedInputFilter}.java.
  - CVE-2010-2227
- 14. By Marc Deslauriers
* SECURITY UPDATE: arbitrary file creation or overwrite from directory
  traversal via a .. entry in a WAR file.
  - CVE-2009-2693
* SECURITY UPDATE: authentication bypass via autodeployment process
  - CVE-2009-2901
* SECURITY UPDATE: work-directory file deletion via directory traversal
  sequences in a WAR filename.
  - CVE-2009-2902
  - debian/patches/security_CVE-2009-2693_2901_2902.patch: validate file
    names and paths in java/org/apache/catalina/loader/
    {LocalStrings.properties,WebappClassLoader.java},
    java/org/apache/catalina/startup/{ContextConfig.java,ExpandWar.java,
    HostConfig.java,LocalStrings.properties}
- 13. By Matthias Klose
* Add maven POM's for libservlet2.5-java. LP: #454822.
* debian/policy/02debian.policy: grant access to
  /usr/share/maven-repo/ as it is a valid source of Debian JARs.
- 12. By Iulian Udrea
* Merge from debian unstable (LP: #391018); remaining changes:
  - debian/control, debian/rules: Use default-jdk to build
  - debian/control: Run using default-jre-headless by default
- 11. By Mathias Gug
[ Iulian Udrea ]
* Merge from debian unstable (LP: #385262), remaining changes:
  - debian/control, debian/rules: Use default-jdk to build
  - debian/control: Run using default-jre-headless by default
- 10. By Thierry Carrez
* Merge from debian unstable (LP: #371728), remaining changes:
  - debian/control, debian/rules: Use default-jdk to build
  - debian/control: Run using default-jre-headless by default
  - debian/patches/tcnative-ipv6-fix-43327.patch to fix incompatibility
    between libtcnative-1 and ipv6
- 9. By Thierry Carrez
* Added debian/patches/tcnative-ipv6-fix-43327.patch to fix incompatibility
  between libtcnative-1 and ipv6 (fixes LP: #287645)
* No longer create confusing /var/lib/tomcat6/lib or lib subdirectory in
  private instances, since they are ignored (LP: #324212)
- 8. By Mathias Gug
[ Thierry Carrez ]
* Removed tomcat6-[admin,docs,examples].post[inst,rm] and let Tomcat webapp
  autodeployment features handle application load/unload (LP: #302914)
* tomcat6-instance-create, tomcat6-instance-create.1, control:
  Allow to change the HTTP port, control port and shutdown word on the
  tomcat6-instance-create command line (LP: #300691).
[ Mathias Gug ]
* debian/tomcat6-instance-create: move directoryname from an option to
  an argument.
* debian/tomcat6-instance-create.1: some updates to the man page.
* debian/control: update maintainer field to Ubuntu Core Developers now that
  tomcat6 is in main.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/lucid/tomcat6