ubuntu/+source/tomcat6:debian/sid

Last commit made on 2016-02-27
Get this branch:
git clone -b debian/sid https://git.launchpad.net/ubuntu/+source/tomcat6
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name: debian/sid
Repository: lp:ubuntu/+source/tomcat6

Recent commits

8ade412... by Markus Koschany on 2016-02-27

Import patches-unapplied version 6.0.45+dfsg-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b9ac5ecafc7085602d4e797ecf0008a7a58b3517

New changelog entries:
  * Team upload.
  * Imported Upstream version 6.0.45+dfsg.
    - Remove all prebuilt jar files.
  * Declare compliance with Debian Policy 3.9.7.
  * Vcs-fields: Use https.
  * This update fixes the following security vulnerabilities in the source
    package. Since src:tomcat6 only builds libservlet2.5-java and
    documentation, users are not directly affected.
    - CVE-2015-5174: Directory traversal vulnerability in RequestUtil.java.
    - CVE-2015-5345: The Mapper component in Apache Tomcat before 6.0.45
      processes redirects before considering security constraints and Filters.
    - CVE-2016-0706: Apache Tomcat before 6.0.45 does not place
      org.apache.catalina.manager.StatusManagerServlet on the
      org/apache/catalina/core/RestrictedServlets.properties list which allows
      remote authenticated users to bypass intended SecurityManager
      restrictions.
    - CVE-2016-0714: The session-persistence implementation in Apache Tomcat
      before 6.0.45 mishandles session attributes, which allows remote
      authenticated users to bypass intended SecurityManager restrictions.
    - CVE-2016-0763: The setGlobalContext method in
      org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat does
      not consider whether ResourceLinkFactory.setGlobalContext callers are
      authorized, which allows remote authenticated users to bypass intended
      SecurityManager restrictions and read or write to arbitrary application
      data, or cause a denial of service (application disruption), via a web
      application that sets a crafted global context.
    - CVE-2015-5351: The Manager and Host Manager applications in
      Apache Tomcat establish sessions and send CSRF tokens for arbitrary new
      requests, which allows remote attackers to bypass a CSRF protection
      mechanism by using a token.

b9ac5ec... by Emmanuel Bourg on 2015-05-06

Import patches-unapplied version 6.0.41-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 11326220cc9a5136e961c0fea16e443789b4e964

New changelog entries:
  * Removed the timestamp from the Javadoc of the Servlet API
    to make the build reproducible

1132622... by Emmanuel Bourg on 2014-10-22

Import patches-unapplied version 6.0.41-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 070174a4696026951975f053a9b5d0955115ed43

New changelog entries:
  * Build only the libservlet2.5-java and libservlet2.5-java-doc packages.
    Tomcat 6 will not be supported in Jessie, but the Servlet API is still
    useful as a build dependency for other packages.
  * Standards-Version updated to 3.9.6 (no changes)

070174a... by Tony Mancill on 2014-08-24

Import patches-unapplied version 6.0.41-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: ea5e3109ad88d4165f7044f056c32b1079744f02

New changelog entries:
  [ Emmanuel Bourg ]
  * Updated the version required for libtcnative-1 (>= 1.1.30)
  [ tony mancill ]
  * Add patch for logfile compression. (Closes: #682955)
    - Thank you to Thijs Kinkhorst.

ea5e310... by Emmanuel Bourg on 2014-05-22

Import patches-unapplied version 6.0.41-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 9a275391aa32a30784e2452e9f971a1fe82e1319

New changelog entries:
  * New upstream release.
    - Refreshed the patches

9a27539... by Emmanuel Bourg on 2014-02-16

Import patches-unapplied version 6.0.39-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: ce537e10f2c2627c2b41ca1b64be98cf61cd2d93

New changelog entries:
  * Team upload.
  * New upstream release.
    - Refreshed the patches
  * Standards-Version updated to 3.9.5 (no changes)
  * Switch to debhelper level 9
  * Use XZ compression for the upstream tarball
  * Use canonical URL for the Vcs-Git field

ce537e1... by Tony Mancill on 2013-08-04

Import patches-unapplied version 6.0.37-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 12f003fbf61503009ca78e513a97d70ed34dc9df

New changelog entries:
  * New upstream release.
    - Drop patches for CVE-2012-4534, CVE-2012-4431, CVE-2012-3546,
      CVE-2012-2733, CVE-2012-3439
    - Drop 0011-CVE-02012-0022-regression-fix.patch
    - Drop 0017-eclipse-compiler-update.patch
  * Freshened remaining patches.

12f003f... by Stephen Nelson on 2013-07-30

Import patches-unapplied version 6.0.35-7 to debian/sid

Imported using git-ubuntu import.

Changelog parent: e822d41283b7b1463de27afb2ffe24951565ac6b

New changelog entries:
  * Team upload.
  * Fixed the watch file
  * Fix FTBFS with ecj 3.8 (closes: #717279, #713796)
  * Updated the standards version to 3.9.4 - no changes
  * Updated the Vcs-Git field to the canonical url

e822d41... by Tony Mancill on 2012-12-07

Import patches-unapplied version 6.0.35-6 to debian/sid

Imported using git-ubuntu import.

Changelog parent: d00c9f1ebacb01aed9d8eb19f1c3bc0805a88de3

New changelog entries:
  * Acknowledge NMU: 6.0.35-5+nmu1 (Closes: #692440)
    - Thank you to Michael Gilbert.
  * Add patches for the following security issues: (Closes: #695250)
    - CVE-2012-4534, CVE-2012-4431, CVE-2012-3546

d00c9f1... by Michael Gilbert on 2012-11-17

Import patches-unapplied version 6.0.35-5+nmu1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 32ca89b725ef4f08aa0e63a3b2f166179ee6ae79

New changelog entries:
  * Non-maintainer upload.
  * Fix multiple security issues (closes: #692440)
    - cve-2012-2733: denial-of-service by triggering out of memory error.
    - cve-2012-3439: multiple replay attack issues in digest authentication.