Ubuntu
tomcat6 package

lp:ubuntu/oneiric-proposed/tomcat6

  1. Oneiric (11.10)
  2. oneiric-proposed
Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/oneiric-proposed/tomcat6
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

40. By Marc Deslauriers

* SECURITY UPDATE: cross-request information leakage
  - debian/patches/0016-CVE-2011-3375.patch: ensure that the request and
    response objects are recycled after being re-populated in
    java/org/apache/catalina/connector/CoyoteAdapter.java,
    java/org/apache/coyote/ajp/AjpAprProcessor.java,
    java/org/apache/coyote/ajp/AjpProcessor.java,
    java/org/apache/coyote/http11/Http11AprProcessor.java,
    java/org/apache/coyote/http11/Http11NioProcessor.java,
    java/org/apache/coyote/http11/Http11Processor.java.
  - CVE-2011-3375
* SECURITY UPDATE: denial of service via hash collision and incorrect
  handling of large numbers of parameters and parameter values
  (LP: #909828)
  - debian/patches/0017-CVE-2012-0022.patch: refactor parameter handling
    code in conf/web.xml,
    java/org/apache/catalina/connector/Connector.java,
    java/org/apache/catalina/connector/mbeans-descriptors.xml,
    java/org/apache/catalina/connector/Request.java,
    java/org/apache/catalina/filters/FilterBase.java,
    java/org/apache/catalina/filters/FailedRequestFilter.java,
    java/org/apache/catalina/Globals.java,
    java/org/apache/coyote/Request.java,
    java/org/apache/tomcat/util/buf/B2CConverter.java,
    java/org/apache/tomcat/util/buf/ByteChunk.java,
    java/org/apache/tomcat/util/buf/MessageBytes.java,
    java/org/apache/tomcat/util/buf/StringCache.java,
    java/org/apache/tomcat/util/http/LocalStrings.properties,
    java/org/apache/tomcat/util/http/Parameters.java,
    webapps/docs/config/ajp.xml,
    webapps/docs/config/filter.xml,
    webapps/docs/config/http.xml.
  - CVE-2011-4858
  - CVE-2012-0022

39. By Marc Deslauriers

* SECURITY UPDATE: HTTP DIGEST authentication weaknesses
  - debian/patches/0014-CVE-2011-1184.patch: add new nonce options in
    java/org/apache/catalina/authenticator/DigestAuthenticator.java,
    java/org/apache/catalina/authenticator/LocalStrings.properties,
    java/org/apache/catalina/authenticator/mbeans-descriptors.xml,
    java/org/apache/catalina/realm/RealmBase.java,
    webapps/docs/config/valve.xml.
  - CVE-2011-1184
* SECURITY UPDATE: file restriction bypass or denial of service via
  untrusted web application.
  - debian/patches/0015-CVE-2011-2526.patch: check canonical name in
    java/org/apache/catalina/connector/LocalStrings.properties,
    java/org/apache/catalina/connector/Request.java,
    java/org/apache/catalina/servlets/DefaultServlet.java,
    java/org/apache/coyote/http11/Http11AprProcessor.java,
    java/org/apache/coyote/http11/LocalStrings.properties,
    java/org/apache/tomcat/util/net/AprEndpoint.java,
    java/org/apache/tomcat/util/net/NioEndpoint.java.
  - CVE-2011-2526

38. By James Page

Added patch for CVE-2011-3190 (LP: #843701).

37. By Tony Mancill

* Team upload.
* Add Catalan debconf translation ca.po (Closes: #630073).
* Correct Suggests for libtcnative-1 (tomcat-native) (Closes: #631919)
* Add patch for CVE-2011-2204 (Closes: #632882)

36. By Tony Mancill

* Team upload.
* Add Italian debconf translation.
  Thanks to Dario Santamaria (Closes: #624376)
* Add logrotate for catalina.out (Closes: 607050)
* Bump standards version to 3.9.2 (no changes needed).

35. By Tony Mancill

* Team upload.
* Include upstream patch for ASF Bugzilla - Bug 50700
  (Context parameters are being overridden with parameters from the
   web application deployment descriptor) (Closes: #623242)

34. By Abhinav Upadhyay

debian/tomcat6-instance-create: Eclipse can now be configured to use a user instance
of tomcat6 using tomcat6-instance-create without any additional work.
tomcat6-instance-create will setup all the necessary symlinks to make eclipse work.
(Closes: #551091) (LP: #297675)

33. By Abhinav Upadhyay

[ Abhinav Upadhyay ]
* tomcat6-instance-create should accept -1 as the value of -c option
  as per http://tomcat.apache.org/tomcat-6.0-doc/config/server.html
  (LP: #707405)
[ Dave Walker (Daviey) ]
* debian/control: Updated Maintainer as per policy.

32. By Tony Mancill

* Team upload.
* Add Portuguese/Brazilian debconf translation.
  Thanks to José de Figueiredo (Closes: #608527)
* Add patches for CVE-2011-0534, CVE-2010-3718, CVE-2011-0013
  (Closes: #612257)

31. By Tony Mancill

* Team upload.
* Update URL for manager application in README.Debian
  Thanks to Ernesto Ongaro (Closes: #606170)
* Add patch for CVE-2010-4172. (Closes: #606388)

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/quantal/tomcat6
This branch contains Public information 
Everyone can see this information.

Subscribers