ubuntu/+source/tomcat6:applied/ubuntu/natty-devel

Last commit made on 2012-01-26
Get this branch:
git clone -b applied/ubuntu/natty-devel https://git.launchpad.net/ubuntu/+source/tomcat6
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name:
applied/ubuntu/natty-devel
Repository:
lp:ubuntu/+source/tomcat6

Recent commits

2a380c5... by Marc Deslauriers on 2012-01-25

Import patches-applied version 6.0.28-10ubuntu2.3 to applied/ubuntu/natty-proposed

Imported using git-ubuntu import.

Changelog parent: 7fe876485b21469a46c53793cdfe5db73beb5c49
Unapplied parent: fca4c0455289503b132d688c863ad4218cd16064

New changelog entries:
  * SECURITY UPDATE: denial of service via hash collision and incorrect
    handling of large numbers of parameters and parameter values
    (LP: #909828)
    - debian/patches/0019-CVE-2012-0022.patch: refactor parameter handling
      code in conf/web.xml,
      java/org/apache/catalina/connector/Connector.java,
      java/org/apache/catalina/connector/mbeans-descriptors.xml,
      java/org/apache/catalina/connector/Request.java,
      java/org/apache/catalina/filters/FailedRequestFilter.java,
      java/org/apache/catalina/Globals.java,
      java/org/apache/coyote/Request.java,
      java/org/apache/tomcat/util/buf/B2CConverter.java,
      java/org/apache/tomcat/util/buf/ByteChunk.java,
      java/org/apache/tomcat/util/buf/MessageBytes.java,
      java/org/apache/tomcat/util/buf/StringCache.java,
      java/org/apache/tomcat/util/http/LocalStrings.properties,
      java/org/apache/tomcat/util/http/Parameters.java,
      webapps/docs/config/ajp.xml,
      webapps/docs/config/http.xml.
    - CVE-2011-4858
    - CVE-2012-0022

fca4c04... by Marc Deslauriers on 2012-01-25

fix denial of service via hash collision and incorrect

Gbp-Pq: 0019-CVE-2012-0022.patch.

ecfb730... by Marc Deslauriers on 2012-01-25

fix HTTP DIGEST authentication weaknesses

Gbp-Pq: 0018-CVE-2011-1184.patch.

72a3aa9... by Marc Deslauriers on 2012-01-25

fix AJP request spoofing and authentication bypass

Gbp-Pq: 0017-CVE-2011-3190.patch.

d973b8a... by Marc Deslauriers on 2012-01-25

fix file restriction bypass or denial of service via untrusted web application

Gbp-Pq: 0016-CVE-2011-2526.patch.

1a60586... by Marc Deslauriers on 2012-01-25

fix information disclosure via log file

Gbp-Pq: 0015-CVE-2011-2204.patch.

2d948d0... by Marc Deslauriers on 2012-01-25

0014-CVE-2011-0534.patch

No DEP3 Subject or Description header found

Gbp-Pq: 0014-CVE-2011-0534.patch.

67212c6... by Marc Deslauriers on 2012-01-25

0013-CVE-2011-0013.patch

No DEP3 Subject or Description header found

Gbp-Pq: 0013-CVE-2011-0013.patch.

21af993... by Marc Deslauriers on 2012-01-25

0012-CVE-2010-3718.patch

No DEP3 Subject or Description header found

Gbp-Pq: 0012-CVE-2010-3718.patch.

bbf8d22... by Marc Deslauriers on 2012-01-25

Backport changes in tomcat6's SVN tree to 6.0.28.

Gbp-Pq: 0011-CVE-2010-4172.patch.