Last commit made on 2013-03-16
Get this branch:
git clone -b applied/ubuntu/oneiric-security https://git.launchpad.net/ubuntu/+source/tomcat7

Recent commits

2319ff4... by Christian Kuersteiner on 2013-03-15

Import patches-applied version 7.0.21-1ubuntu0.1 to applied/ubuntu/oneiric-security

Imported using git-ubuntu import.

Changelog parent: 6670c632db3f47f7436c6d038fa70384effc3348
Unapplied parent: e631b6313fc6754cf97260c21eabafb492bfc875

New changelog entries:
  [ Christian Kuersteiner ]
  * SECURITY UPDATE: Fix multiple vulnerabilities in Tomcat7
    (LP: #1115053)
    - debian/patches/CVE-2012-0022.patch: Fix for Denial of service. Based on
      upstream patch.
    - CVE-2012-0022, CVE-2011-4858
    - debian/patches/CVE-2011-3375.patch: Fix for information disclosure. Based
      on upstream patch.
    - CVE-2011-3375
    - debian/patches/CVE-2011-3376.patch: Fix for privilege escalation. Based on
      upstream patch.
    - CVE-2011-3376
    - debian/patches/CVE-2012-2733.patch: Fix for Apache Tomcat Denial of
      Service. Based on upstream patch.
    - CVE-2012-2733
    - debian/patches/CVE-2012-3546.patch: Fix for bypass of security
      constraints. Based on upstream patch.
    - CVE-2012-3546
    - debian/patches/CVE-2012-4431.patch: Fix for bypass of CSRF prevention
      filter. Based on upstream patch.
    - CVE-2012-4431
    - debian/patches/CVE-2012-4534.patch: Fix for CVE-2012-4534 Denial of
      Service Vulnerability. Based on upstream patch.
    - CVE-2012-4534
    - debian/patches/CVE-2012-3439.patch: Fix for DIGEST authentication
      weaknesses. Based on upstream patch.
    - CVE-2012-3439, CVE-2012-5885, CVE-2012-5886, CVE-2012-5887
  [ Jamie Strandboge ]
  * allow for easily running the testsuite:
    - debian/control: add testsuite build-depends
    - debian/rules:
      + add 'testsuite' target
      + add ANT_TS_ARGS for use in the testsuite target
      + cleanup the testsuite
    - add debian/README.source for information on how to use the testsuite

e631b63... by Christian Kuersteiner on 2013-03-15

Fix for CVE-2012-4534 Denial of Service Vulnerability

Gbp-Pq: CVE-2012-4534.patch.

84d1c56... by Christian Kuersteiner on 2013-03-15

Improve session management in CsrfPreventionFilter

Gbp-Pq: CVE-2012-4431.patch.
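
The changelog above records CVE-2012-4431 as a bypass of the CSRF prevention filter, and this commit's fix is to its session handling. The model below is an added example, not Tomcat's CsrfPreventionFilter or the Gbp-Pq patch: it shows the shape of a session-dependent bypass (a filter that treats "no session" as "nothing to check") next to a hardened variant that refuses any request it cannot tie to a stored nonce. The Request and Session classes are constructed stand-ins for the Servlet API, the parameter name mirrors Tomcat's, and everything else is this example's own.

```python
"""Model of a CSRF-prevention filter that skips its nonce check when the
request carries no session, beside a hardened version that does not.

Added example: not Tomcat's CsrfPreventionFilter. Request and Session are
minimal constructed stand-ins, not the Servlet API; the parameter name
mirrors Tomcat's but everything else is this example's own."""
import hmac
import secrets
from dataclasses import dataclass, field

NONCE_PARAM = "org.apache.catalina.filters.CSRF_NONCE"
NONCE_ATTR = "csrf_nonce"


@dataclass
class Session:
    attrs: dict = field(default_factory=dict)


@dataclass
class Request:
    method: str
    params: dict
    session: object = None  # None models a request arriving without a session id

    def get_session(self, create):
        if self.session is None and create:
            self.session = Session()
        return self.session


def issue_nonce(session):
    """Store a fresh nonce in the session; the app embeds it in forms/links."""
    nonce = secrets.token_hex(16)
    session.attrs[NONCE_ATTR] = nonce
    return nonce


def _nonce_matches(session, req):
    expected = session.attrs.get(NONCE_ATTR)
    supplied = req.params.get(NONCE_PARAM, "")
    return expected is not None and hmac.compare_digest(expected, supplied)


def weak_filter(req):
    """True if the request passes. Weak form: 'no session' is treated as
    'nothing to check', so a request sent without a session cookie is let
    through regardless of the nonce."""
    session = req.get_session(create=False)
    if session is None:
        return True                       # the bypass
    return _nonce_matches(session, req)


def hardened_filter(req):
    """Hardened form: absence of a session means absence of a valid nonce,
    so the request is refused; a session is created so the nonce issued
    with the response has somewhere to live."""
    session = req.get_session(create=True)
    return _nonce_matches(session, req)


def demo():
    # Constructed traffic: one legitimate POST, one forged POST without a
    # session, and one POST carrying a session but the wrong nonce.
    sess = Session()
    nonce = issue_nonce(sess)
    good = Request("POST", {NONCE_PARAM: nonce}, session=sess)
    forged = Request("POST", {}, session=None)
    wrong = Request("POST", {NONCE_PARAM: "0" * 32}, session=sess)
    return {
        "weak": (weak_filter(good), weak_filter(forged), weak_filter(wrong)),
        "hardened": (hardened_filter(good), hardened_filter(forged),
                     hardened_filter(wrong)),
    }


if __name__ == "__main__":
    print(demo())
```

The point to check in any filter of this kind is the branch taken when the session lookup returns nothing: the safe answer for a state-changing request is refusal, not a skipped check.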

357540d... by Christian Kuersteiner on 2013-03-15

Remove unneeded handling of FORM authentication in RealmBase.

Gbp-Pq: CVE-2012-3546.patch.

9e9a062... by Christian Kuersteiner on 2013-03-15

Digest improvements: disable caching of authenticated user in session by default,

Gbp-Pq: CVE-2012-3439.patch.
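
The changelog groups CVE-2012-3439, CVE-2012-5885, CVE-2012-5886 and CVE-2012-5887 under "DIGEST authentication weaknesses", and this commit turns off caching of the authenticated user in the session. The code below is an added example, not Tomcat's DigestAuthenticator or this patch: it shows the server-side bookkeeping a Digest implementation needs so that a sniffed request cannot be replayed (the nonce and nonce-count pair is accepted once) and a stale nonce is never accepted just because the credentials in the request are correct. The nonce layout (timestamp:random:hmac), the 300-second lifetime and all helper names are this example's own choices.

```python
"""Server-side nonce tracking for HTTP Digest authentication: stale nonces
are refused even when the credentials are right, and a (nonce, nc) pair
can only be used once.

Added example, not Tomcat's DigestAuthenticator. The nonce layout
(timestamp:random:hmac), the 300 s lifetime and the helper names are this
example's own choices."""
import hashlib
import hmac
import os
import time

NONCE_LIFETIME = 300  # seconds (assumed value for this example)


def _md5(s):
    return hashlib.md5(s.encode()).hexdigest()


def digest_response(username, realm, password, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 2617 response for qop=auth: what the client computes."""
    ha1 = _md5(f"{username}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def client_auth(username, password, realm, method, uri, nonce, nc, cnonce):
    """The Authorization fields a client would send (constructed, not parsed)."""
    return {"username": username, "nonce": nonce, "nc": nc, "cnonce": cnonce,
            "response": digest_response(username, realm, password, method, uri,
                                        nonce, nc, cnonce)}


class NonceTracker:
    def __init__(self, key=None, lifetime=NONCE_LIFETIME, now=time.time):
        self.key = key or os.urandom(32)   # a deployment would keep this key stable
        self.lifetime = lifetime
        self.now = now                     # injectable clock so expiry can be exercised
        self.seen = {}                     # nonce -> highest nc accepted

    def _mac(self, ts, rnd):
        return hmac.new(self.key, f"{ts}:{rnd}".encode(), "sha256").hexdigest()[:32]

    def issue(self):
        ts, rnd = int(self.now()), os.urandom(8).hex()
        return f"{ts}:{rnd}:{self._mac(ts, rnd)}"

    def status(self, nonce):
        """'valid', 'stale' or 'forged' (not issued by this server)."""
        try:
            ts, rnd, mac = nonce.split(":")
            ts_i = int(ts)
        except ValueError:
            return "forged"
        if not hmac.compare_digest(self._mac(ts, rnd), mac):
            return "forged"
        return "stale" if self.now() - ts_i > self.lifetime else "valid"

    def consume(self, nonce, nc_hex):
        """Accept this nonce-count once; a replay (nc not strictly increasing) fails."""
        try:
            nc = int(nc_hex, 16)
        except ValueError:
            return False
        if nc <= self.seen.get(nonce, 0):
            return False
        self.seen[nonce] = nc
        return True


def authenticate(tracker, users, realm, method, uri, auth):
    """Return 'ok', 'stale' (answer 401 with stale=true) or 'reject'.
    auth holds the Authorization fields; users maps username -> password."""
    password = users.get(auth.get("username"))
    if password is None:
        return "reject"
    expected = digest_response(auth["username"], realm, password, method, uri,
                               auth["nonce"], auth["nc"], auth["cnonce"])
    if not hmac.compare_digest(expected, auth["response"]):
        return "reject"
    state = tracker.status(auth["nonce"])
    if state == "forged":
        return "reject"
    if state == "stale":          # right credentials, expired nonce: never 'ok'
        tracker.seen.pop(auth["nonce"], None)
        return "stale"
    return "ok" if tracker.consume(auth["nonce"], auth["nc"]) else "reject"
```

Two design points carry the security argument: the replay table is keyed on the server-issued nonce and the nonce-count, values the client cannot choose freely, and the stale check runs regardless of whether the credentials verified. Nothing about the outcome is stored in the session, so a captured session id by itself authenticates nobody.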

c561a54... by Christian Kuersteiner on 2013-03-15

Improve InternalNioInputBuffer#parseHeaders()

Gbp-Pq: CVE-2012-2733.patch.

2deadb6... by Christian Kuersteiner on 2013-03-15

ContainerServlets are always restricted.

Gbp-Pq: CVE-2011-3376.patch.

3c4b779... by Christian Kuersteiner on 2013-03-15

Ensure access log always logs the correct remote IP.

Gbp-Pq: CVE-2011-3375.patch.

f800d18... by Christian Kuersteiner on 2013-03-15

Re-factor parameter parsing to improve performance.

Gbp-Pq: CVE-2012-0022.patch.
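
The changelog files this commit under CVE-2012-0022 and CVE-2011-4858 as a denial-of-service fix, and the commit itself reworks parameter parsing. The example below is added here and is not Tomcat's Parameters code or this patch: it shows a query-string parser that enforces a maximum parameter count, together with a generator for parameter names that all share the same Java String.hashCode, the sort of input that makes an unbounded, hash-table-backed parameter map disproportionately expensive to build. The limit value and the ParameterLimitExceeded name are this example's own; the collision of "Aa" and "BB" under Java's hash is a property of that function.

```python
"""Query-string parser that enforces a maximum parameter count, with a
generator for names that collide under Java's String.hashCode.

Added example, not Tomcat's Parameters class; the limit value and the
ParameterLimitExceeded name are this example's own."""
import itertools
from urllib.parse import unquote_plus


def java_string_hash(s):
    """Java's String.hashCode(): h = 31*h + c, wrapped to a signed 32-bit int."""
    h = 0
    for ch in s:
        h = (31 * h + ord(ch)) & 0xFFFFFFFF
    return h - (1 << 32) if h & 0x80000000 else h


def colliding_names(count):
    """Names built from the blocks 'Aa' and 'BB', which share a Java hashCode;
    every concatenation of n such blocks therefore hashes identically."""
    n = max(1, (count - 1).bit_length())   # 2**n >= count
    names = []
    for combo in itertools.product(("Aa", "BB"), repeat=n):
        names.append("".join(combo))
        if len(names) == count:
            break
    return names


class ParameterLimitExceeded(Exception):
    pass


def parse_query(query, max_parameter_count=1000):
    """Parse 'a=1&b=2' into {name: [values]}, refusing the request once more
    than max_parameter_count name/value pairs have been seen. The count is
    checked per pair, before decoding, so oversized input fails early."""
    params = {}
    seen = 0
    for pair in query.split("&"):
        if not pair:
            continue
        seen += 1
        if seen > max_parameter_count:
            raise ParameterLimitExceeded(f"more than {max_parameter_count} parameters")
        name, _, value = pair.partition("=")
        params.setdefault(unquote_plus(name), []).append(unquote_plus(value))
    return params


def demo(count=4096, limit=1000):
    """Constructed request: `count` distinct names, one Java hash between them."""
    names = colliding_names(count)
    hashes = {java_string_hash(n) for n in names}
    query = "&".join(f"{n}=x" for n in names)
    try:
        parse_query(query, max_parameter_count=limit)
        rejected = False
    except ParameterLimitExceeded:
        rejected = True
    return {"names": len(names), "distinct_java_hashes": len(hashes),
            "rejected_at_limit": rejected,
            "accepted_under_limit": len(parse_query(query, max_parameter_count=count))}


if __name__ == "__main__":
    print(demo())
```

The limit is the practical defence: it bounds the work an attacker can force per request independent of how the map behind it hashes, which is why it belongs in the parser rather than in whichever container happens to store the result.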

5e55694... by Christian Kuersteiner on 2013-03-15

Fix codeless-jar and missing-classpath lintian warnings

Gbp-Pq: 0011-fix-classpath-lintian-warnings.patch.