ubuntu/+source/tomcat6:applied/ubuntu/maverick-proposed

Last commit made on 2012-01-26
Get this branch:
git clone -b applied/ubuntu/maverick-proposed https://git.launchpad.net/ubuntu/+source/tomcat6

Branch information

Name:
applied/ubuntu/maverick-proposed
Repository:
lp:ubuntu/+source/tomcat6

Recent commits

0b24817... by Marc Deslauriers on 2012-01-25

Import patches-applied version 6.0.28-2ubuntu1.6 to applied/ubuntu/maverick-proposed

Imported using git-ubuntu import.

Changelog parent: 8872e0d58b433ea408335b570016bd9f3dfa7e58
Unapplied parent: 80bb0513861036d0a321b9d349272c0d62e1e259

New changelog entries:
  * SECURITY UPDATE: denial of service via hash collision and incorrect
    handling of large numbers of parameters and parameter values
    (LP: #909828)
    - debian/patches/0019-CVE-2012-0022.patch: refactor parameter handling
      code in conf/web.xml,
      java/org/apache/catalina/connector/Connector.java,
      java/org/apache/catalina/connector/mbeans-descriptors.xml,
      java/org/apache/catalina/connector/Request.java,
      java/org/apache/catalina/filters/FailedRequestFilter.java,
      java/org/apache/catalina/Globals.java,
      java/org/apache/coyote/Request.java,
      java/org/apache/tomcat/util/buf/B2CConverter.java,
      java/org/apache/tomcat/util/buf/ByteChunk.java,
      java/org/apache/tomcat/util/buf/MessageBytes.java,
      java/org/apache/tomcat/util/buf/StringCache.java,
      java/org/apache/tomcat/util/http/LocalStrings.properties,
      java/org/apache/tomcat/util/http/Parameters.java,
      webapps/docs/config/ajp.xml,
      webapps/docs/config/http.xml.
    - CVE-2011-4858
    - CVE-2012-0022

80bb051... by Marc Deslauriers on 2012-01-25

fix denial of service via hash collision and incorrect

Gbp-Pq: 0019-CVE-2012-0022.patch.

b4441dc... by Marc Deslauriers on 2012-01-25

fix HTTP DIGEST authentication weaknesses

Gbp-Pq: 0018-CVE-2011-1184.patch.

45c1234... by Marc Deslauriers on 2012-01-25

fix AJP request spoofing and authentication bypass

Gbp-Pq: 0017-CVE-2011-3190.patch.

8739aa5... by Marc Deslauriers on 2012-01-25

fix file restriction bypass or denial of service via untrusted web application

Gbp-Pq: 0016-CVE-2011-2526.patch.

1ce5c8f... by Marc Deslauriers on 2012-01-25

fix information disclosure via log file

Gbp-Pq: 0015-CVE-2011-2204.patch.

19787ac... by Marc Deslauriers on 2012-01-25

fix denial of service via NIO HTTP connector

Gbp-Pq: 0014-CVE-2011-0534.patch.

e774b68... by Marc Deslauriers on 2012-01-25

fix cross-site scripting in HTML Manager interface

Gbp-Pq: 0013-CVE-2011-0013.patch.

cc1e6ec... by Marc Deslauriers on 2012-01-25

fix directory traversal via incorrect ServletContext attribute

Gbp-Pq: 0012-CVE-2010-3718.patch.

6b495be... by Marc Deslauriers on 2012-01-25

Backport changes in tomcat6's SVN tree to 6.0.28.

Gbp-Pq: 0011-CVE-2010-4172.patch.