ubuntu/+source/tomcat6:applied/ubuntu/lucid-updates

Last commit made on 2014-07-30
Get this branch:
git clone -b applied/ubuntu/lucid-updates https://git.launchpad.net/ubuntu/+source/tomcat6
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name:
applied/ubuntu/lucid-updates
Repository:
lp:ubuntu/+source/tomcat6

Recent commits

15937e5... by Marc Deslauriers on 2014-07-24

Import patches-applied version 6.0.24-2ubuntu1.16 to applied/ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 7b44c4012ad6c95255c3b9b3604f8e16f34568ba
Unapplied parent: 246162f2ae9f2bcf6067712ab5387d136e65a1f6

New changelog entries:
  * SECURITY UPDATE: denial of service via malformed chunk size
    - debian/patches/CVE-2014-0075.patch: fix overflow in
      java/org/apache/coyote/http11/filters/ChunkedInputFilter.java.
    - CVE-2014-0075
  * SECURITY UPDATE: file disclosure via XXE issue
    - debian/patches/CVE-2014-0096.patch: change globalXsltFile to be a
      relative path in conf/web.xml,
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/catalina/servlets/LocalStrings.properties,
      webapps/docs/default-servlet.xml.
    - CVE-2014-0096
  * SECURITY UPDATE: HTTP request smuggling attack via crafted
    Content-Length HTTP header
    - debian/patches/CVE-2014-0099.patch: correctly handle long values in
      java/org/apache/tomcat/util/buf/Ascii.java.
    - CVE-2014-0099

246162f... by Marc Deslauriers on 2014-07-24

fix HTTP request smuggling attack via crafted Content-Length HTTP header

Gbp-Pq: CVE-2014-0099.patch.

2818d4e... by Marc Deslauriers on 2014-07-24

fix file disclosure via XXE issue

Gbp-Pq: CVE-2014-0096.patch.

6941c9a... by Marc Deslauriers on 2014-07-24

fix denial of service via malformed chunk size

Gbp-Pq: CVE-2014-0075.patch.

1533c01... by Marc Deslauriers on 2014-07-24

fix denial of service via chunked transfer coding

Gbp-Pq: CVE-2013-4322.patch.

84fe827... by Marc Deslauriers on 2014-07-24

fix request smuggling attack via content-length headers

Gbp-Pq: CVE-2013-4286.patch.

09d5721... by Marc Deslauriers on 2014-07-24

fix FORM authentication request injection

Gbp-Pq: CVE-2013-2067.patch.

fe9fd95... by Marc Deslauriers on 2014-07-24

fix denial of service via chunked transfer encoding

Gbp-Pq: CVE-2012-3544.patch.

6adde18... by Marc Deslauriers on 2014-07-24

fix denial of service with NIO connector

Gbp-Pq: CVE-2012-4534.patch.

384e1b0... by Marc Deslauriers on 2014-07-24

fix security-constraint bypass with FORM auth

Gbp-Pq: CVE-2012-3546.patch.