ubuntu/+source/tomcat6:applied/ubuntu/oneiric-updates

Last commit made on 2013-01-14
Get this branch:
git clone -b applied/ubuntu/oneiric-updates https://git.launchpad.net/ubuntu/+source/tomcat6
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name: applied/ubuntu/oneiric-updates
Repository: lp:ubuntu/+source/tomcat6

Recent commits

fb10151... by Marc Deslauriers on 2013-01-10

Import patches-applied version 6.0.32-5ubuntu1.4 to applied/ubuntu/oneiric-security

Imported using git-ubuntu import.

Changelog parent: 0581d9a3b765b085886df725a2469c45c6e5d6b0
Unapplied parent: 05e5a72f089a8cb8bc2b65440918c22849d9fe70

New changelog entries:
  * SECURITY UPDATE: security-constraint bypass with FORM auth
    - debian/patches/CVE-2012-3546.patch: remove unneeded code in
      java/org/apache/catalina/realm/RealmBase.java.
    - CVE-2012-3546
  * SECURITY UPDATE: CSRF bypass via request with no session identifier
    - debian/patches/CVE-2012-4431.patch: check for session identifier in
      java/org/apache/catalina/filters/CsrfPreventionFilter.java.
    - CVE-2012-4431
  * SECURITY UPDATE: denial of service with NIO connector
    - debian/patches/CVE-2012-4534.patch: properly handle connection breaks
      in java/org/apache/tomcat/util/net/NioEndpoint.java.
    - CVE-2012-4534

05e5a72... by Marc Deslauriers on 2013-01-10

fix denial of service with NIO connector

Gbp-Pq: CVE-2012-4534.patch.

335044e... by Marc Deslauriers on 2013-01-10

fix CSRF bypass via request with no session identifier

Gbp-Pq: CVE-2012-4431.patch.

278fc07... by Marc Deslauriers on 2013-01-10

fix security-constraint bypass with FORM auth

Gbp-Pq: CVE-2012-3546.patch.

1f475ff... by Marc Deslauriers on 2013-01-10

fix multiple HTTP Digest Access Authentication flaws

Gbp-Pq: 0013-CVE-2012-588x.patch.

d5cd32d... by Marc Deslauriers on 2013-01-10

fix denial of service via large header data

Gbp-Pq: 0012-CVE-2012-2733.patch.

d283412... by Marc Deslauriers on 2013-01-10

fix denial of service via hash collision and incorrect

Gbp-Pq: 0017-CVE-2012-0022.patch.

f375b1d... by Marc Deslauriers on 2013-01-10

fix cross-request information leakage

Gbp-Pq: 0016-CVE-2011-3375.patch.

b09cdc7... by Marc Deslauriers on 2013-01-10

fix file restriction bypass or denial of service via untrusted web application

Gbp-Pq: 0015-CVE-2011-2526.patch.

65aa096... by Marc Deslauriers on 2013-01-10

fix HTTP DIGEST authentication weaknesses

Gbp-Pq: 0014-CVE-2011-1184.patch.