lp:ubuntu/oneiric-proposed/tomcat6
- Get this branch:
- bzr branch lp:ubuntu/oneiric-proposed/tomcat6
Branch merges
Branch information
Recent revisions
- 40. By Marc Deslauriers
-
* SECURITY UPDATE: cross-request information leakage
- debian/patches/ 0016-CVE- 2011-3375. patch: ensure that the request and
response objects are recycled after being re-populated in
java/org/apache/ catalina/ connector/ CoyoteAdapter. java,
java/org/apache/ coyote/ ajp/AjpAprProce ssor.java,
java/org/apache/ coyote/ ajp/AjpProcesso r.java,
java/org/apache/ coyote/ http11/ Http11AprProces sor.java,
java/org/apache/ coyote/ http11/ Http11NioProces sor.java,
java/org/apache/ coyote/ http11/ Http11Processor .java.
- CVE-2011-3375
* SECURITY UPDATE: denial of service via hash collision and incorrect
handling of large numbers of parameters and parameter values
(LP: #909828)
- debian/patches/ 0017-CVE- 2012-0022. patch: refactor parameter handling
code in conf/web.xml,
java/org/apache/ catalina/ connector/ Connector. java,
java/org/apache/ catalina/ connector/ mbeans- descriptors. xml,
java/org/apache/ catalina/ connector/ Request. java,
java/org/apache/ catalina/ filters/ FilterBase. java,
java/org/apache/ catalina/ filters/ FailedRequestFi lter.java,
java/org/apache/ catalina/ Globals. java,
java/org/apache/ coyote/ Request. java,
java/org/apache/ tomcat/ util/buf/ B2CConverter. java,
java/org/apache/ tomcat/ util/buf/ ByteChunk. java,
java/org/apache/ tomcat/ util/buf/ MessageBytes. java,
java/org/apache/ tomcat/ util/buf/ StringCache. java,
java/org/apache/ tomcat/ util/http/ LocalStrings. properties,
java/org/apache/ tomcat/ util/http/ Parameters. java,
webapps/docs/config/ ajp.xml,
webapps/docs/config/ filter. xml,
webapps/docs/config/ http.xml.
- CVE-2011-4858
- CVE-2012-0022 - 39. By Marc Deslauriers
-
* SECURITY UPDATE: HTTP DIGEST authentication weaknesses
- debian/patches/ 0014-CVE- 2011-1184. patch: add new nonce options in
java/org/apache/ catalina/ authenticator/ DigestAuthentic ator.java,
java/org/apache/ catalina/ authenticator/ LocalStrings. properties,
java/org/apache/ catalina/ authenticator/ mbeans- descriptors. xml,
java/org/apache/ catalina/ realm/RealmBase .java,
webapps/docs/config/ valve.xml.
- CVE-2011-1184
* SECURITY UPDATE: file restriction bypass or denial of service via
untrusted web application.
- debian/patches/ 0015-CVE- 2011-2526. patch: check canonical name in
java/org/apache/ catalina/ connector/ LocalStrings. properties,
java/org/apache/ catalina/ connector/ Request. java,
java/org/apache/ catalina/ servlets/ DefaultServlet. java,
java/org/apache/ coyote/ http11/ Http11AprProces sor.java,
java/org/apache/ coyote/ http11/ LocalStrings. properties,
java/org/apache/ tomcat/ util/net/ AprEndpoint. java,
java/org/apache/ tomcat/ util/net/ NioEndpoint. java.
- CVE-2011-2526 - 37. By Tony Mancill
-
* Team upload.
* Add Catalan debconf translation ca.po (Closes: #630073).
* Correct Suggests for libtcnative-1 (tomcat-native) (Closes: #631919)
* Add patch for CVE-2011-2204 (Closes: #632882) - 36. By Tony Mancill
-
* Team upload.
* Add Italian debconf translation.
Thanks to Dario Santamaria (Closes: #624376)
* Add logrotate for catalina.out (Closes: 607050)
* Bump standards version to 3.9.2 (no changes needed). - 35. By Tony Mancill
-
* Team upload.
* Include upstream patch for ASF Bugzilla - Bug 50700
(Context parameters are being overridden with parameters from the
web application deployment descriptor) (Closes: #623242) - 34. By Abhinav Upadhyay
-
debian/
tomcat6- instance- create: Eclipse can now be configured to use a user instance
of tomcat6 using tomcat6-instance- create without any additional work.
tomcat6-instance- create will setup all the necessary symlinks to make eclipse work.
(Closes: #551091) (LP: #297675) - 33. By Abhinav Upadhyay
-
[ Abhinav Upadhyay ]
* tomcat6-instance- create should accept -1 as the value of -c option
as per http://tomcat. apache. org/tomcat- 6.0-doc/ config/ server. html
(LP: #707405)
[ Dave Walker (Daviey) ]
* debian/control: Updated Maintainer as per policy. - 32. By Tony Mancill
-
* Team upload.
* Add Portuguese/Brazilian debconf translation.
Thanks to José de Figueiredo (Closes: #608527)
* Add patches for CVE-2011-0534, CVE-2010-3718, CVE-2011-0013
(Closes: #612257) - 31. By Tony Mancill
-
* Team upload.
* Update URL for manager application in README.Debian
Thanks to Ernesto Ongaro (Closes: #606170)
* Add patch for CVE-2010-4172. (Closes: #606388)
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/quantal/tomcat6