ubuntu/+source/tomcat7:applied/ubuntu/precise-security

Last commit made on 2013-04-01
Get this branch:
git clone -b applied/ubuntu/precise-security https://git.launchpad.net/ubuntu/+source/tomcat7
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name:
applied/ubuntu/precise-security
Repository:
lp:ubuntu/+source/tomcat7

Recent commits

eea4c78... by Christian Kuersteiner on 2013-03-19

Import patches-applied version 7.0.26-1ubuntu1.2 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: a28339679ae343a048484fe48d3d9fce475dcc5f
Unapplied parent: dc7291a6ddc4e2fce7afbacd6ec3e6b5e8a3385c

New changelog entries:
  [Christian Kuersteiner]
  * SECURITY UPDATE: Fix multiple vulnerabilities in Tomcat7
    (LP: #1115053)
    - debian/patches/0013-CVE-2012-2733.patch: Fix for Apache Tomcat Denial of
      Service. Based on upstream patch.
    - CVE-2012-2733
    - debian/patches/0014-CVE-2012-3546.patch: Fix for bypass of security
      constraints. Based on upstream patch.
    - CVE-2012-3546
    - debian/patches/0015-CVE-2012-4431.patch: Fix for bypass of CSRF prevention
      filter. Based on upstream patch.
    - CVE-2012-4431
    - debian/patches/0016-CVE-2012-4534.patch: Fix for CVE-2012-4534 Denial of
      Service Vulnerability. Based on upstream patch.
    - CVE-2012-4534
    - debian/patches/CVE-2012-3439.patch: Fix for DIGEST authentication
      weaknesses. Based on upstream patch.
    - CVE-2012-3439, CVE-2012-5885, CVE-2012-5886, 2012-5887
  [ Jamie Strandboge ]
  * allow for easily running the testsuite:
    - debian/control: add testsuite build-depends
    - debian/rules:
      + add 'testsuite' target
      + add ANT_TS_ARGS for use in the testsuite target
      + cleanup the testsuite
    - add debian/README.source for information on how to use the testsuite

dc7291a... by Christian Kuersteiner on 2013-03-19

Digest improvements: disable caching of authenticated user in session by default,

Gbp-Pq: 0017-CVE-2012-3439.patch.

1c7cb9e... by Christian Kuersteiner on 2013-03-19

Fix for CVE-2012-4534 Denial of Service Vulnerability

Gbp-Pq: 0016-CVE-2012-4534.patch.

689fbec... by Christian Kuersteiner on 2013-03-19

Improve session management in CsrfPreventionFilter

Gbp-Pq: 0015-CVE-2012-4431.patch.

010459f... by Christian Kuersteiner on 2013-03-19

Remove unneeded handling of FORM authentication in RealmBase.

Gbp-Pq: 0014-CVE-2012-3546.patch.

5e9790d... by Christian Kuersteiner on 2013-03-19

Improve InternalNioInputBuffer#parseHeaders()

Gbp-Pq: 0013-CVE-2012-2733.patch.

d1345df... by Christian Kuersteiner on 2013-03-19

Fixup handling of JNDI name parsing.

Gbp-Pq: 0012-lp-1012794-fix-jndi-lookup.patch.

11eeca7... by Christian Kuersteiner on 2013-03-19

Fix codeless-jar and missing-classpath lintian warnings

Gbp-Pq: 0011-fix-classpath-lintian-warnings.patch.

1a1dbeb... by Christian Kuersteiner on 2013-03-19

Disable usage of embedded library copies

Gbp-Pq: 0010-debianize-build-xml.patch.

2e51f76... by Christian Kuersteiner on 2013-03-19

[PATCH] Use java.security.policy file in catalina.sh

Gbp-Pq: 0009-Use-java.security.policy-file-in-catalina.sh.patch.