ubuntu/+source/tomcat6:applied/ubuntu/precise-security

Last commit made on 2017-02-20
Get this branch:
git clone -b applied/ubuntu/precise-security https://git.launchpad.net/ubuntu/+source/tomcat6
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name: applied/ubuntu/precise-security
Repository: lp:ubuntu/+source/tomcat6

Recent commits

28bb37f... by Marc Deslauriers on 2017-02-17

Import patches-applied version 6.0.35-1ubuntu3.11 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: bd60160d70772460bc761c67dbca805ff6ddc738
Unapplied parent: ba5ed4bbe7935bd8029e345b71ca5922f7bc7cd4

New changelog entries:
  * SECURITY UPDATE: possible DoS via CPU consumption (LP: #1663318)
    - debian/patches/CVE-2017-6056.patch: fix infinite loop in
      java/org/apache/coyote/http11/InternalAprInputBuffer.java,
      java/org/apache/coyote/http11/InternalInputBuffer.java,
      java/org/apache/coyote/http11/InternalNioInputBuffer.java.
    - CVE-2017-6056

ba5ed4b... by Marc Deslauriers on 2017-02-17

fix DoS via CPU consumption

Gbp-Pq: CVE-2017-6056.patch.

2b929d9... by Marc Deslauriers on 2017-02-17

fix information leakage between requests

Gbp-Pq: CVE-2016-8745.patch.

f024dde... by Marc Deslauriers on 2017-02-17

fix remote code execution via JmxRemoteLifecycleListener

Gbp-Pq: CVE-2016-8735.patch.

68b3938... by Marc Deslauriers on 2017-02-17

fix HTTP response injection via invalid characters

Gbp-Pq: CVE-2016-6816.patch.

3d924fc... by Marc Deslauriers on 2017-02-17

fix web application global JNDI resource access

Gbp-Pq: CVE-2016-6797.patch.

6ce265f... by Marc Deslauriers on 2017-02-17

fix SecurityManager bypass via JSP Servlet configuration parameters

Gbp-Pq: CVE-2016-6796.patch.

1608532... by Marc Deslauriers on 2017-02-17

fix system properties read SecurityManager bypass

Gbp-Pq: CVE-2016-6794.patch.

00026eb... by Marc Deslauriers on 2017-02-17

add mitigation for httpoxy issue

Gbp-Pq: CVE-2016-5388.patch.

aadda9c... by Marc Deslauriers on 2017-02-17

fix SecurityManager bypass via a utility method

Gbp-Pq: CVE-2016-5018.patch.