[ubuntu/maverick-security] tomcat6, tomcat6 (delayed) 6.0.28-2ubuntu1.1 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Mon Jan 24 14:03:26 UTC 2011
tomcat6 (6.0.28-2ubuntu1.1) maverick-security; urgency=low
* SECURITY UPDATE: cross-site scripting in Manager application
- debian/patches/0011-CVE-2010-4172.patch: add proper escaping to
java/org/apache/catalina/manager/JspHelper.java,
webapps/manager/WEB-INF/jsp/{sessionDetail,sessionsList}.jsp.
- patch from Debian 6.0.28-9 package
- CVE-2010-4172
Date: Thu, 13 Jan 2011 15:16:35 -0600
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/maverick/+source/tomcat6/6.0.28-2ubuntu1.1
-------------- next part --------------
Format: 1.8
Date: Thu, 13 Jan 2011 15:16:35 -0600
Source: tomcat6
Binary: tomcat6-common tomcat6 tomcat6-user libtomcat6-java libservlet2.5-java libservlet2.5-java-doc tomcat6-admin tomcat6-examples tomcat6-docs
Architecture: source
Version: 6.0.28-2ubuntu1.1
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
libservlet2.5-java - Servlet 2.5 and JSP 2.1 Java API classes
libservlet2.5-java-doc - Servlet 2.5 and JSP 2.1 Java API documentation
libtomcat6-java - Servlet and JSP engine -- core libraries
tomcat6 - Servlet and JSP engine
tomcat6-admin - Servlet and JSP engine -- admin web applications
tomcat6-common - Servlet and JSP engine -- common files
tomcat6-docs - Servlet and JSP engine -- documentation
tomcat6-examples - Servlet and JSP engine -- example web applications
tomcat6-user - Servlet and JSP engine -- tools to create user instances
Changes:
tomcat6 (6.0.28-2ubuntu1.1) maverick-security; urgency=low
.
* SECURITY UPDATE: cross-site scripting in Manager application
- debian/patches/0011-CVE-2010-4172.patch: add proper escaping to
java/org/apache/catalina/manager/JspHelper.java,
webapps/manager/WEB-INF/jsp/{sessionDetail,sessionsList}.jsp.
- patch from Debian 6.0.28-9 package
- CVE-2010-4172
Checksums-Sha1:
ff6626c00f1a37a83904abd597b660cc05354145 2360 tomcat6_6.0.28-2ubuntu1.1.dsc
f02e2424fdd89253499f46dfba1804050b7bbf6f 34180 tomcat6_6.0.28-2ubuntu1.1.debian.tar.gz
Checksums-Sha256:
cf01c62971ad3644e7760c40186c5bc8049e933dfa7f22ba2d1188559190b0ed 2360 tomcat6_6.0.28-2ubuntu1.1.dsc
223e9ac1ebd3afb7f9da75ab5e714d577ae62f37b80a3a4b74b5af5fe72d39fe 34180 tomcat6_6.0.28-2ubuntu1.1.debian.tar.gz
Files:
b88dde12cb761f398c6cb2848a68d5ca 2360 java optional tomcat6_6.0.28-2ubuntu1.1.dsc
9a58889c9a818f3932ab3fb06e07a0c2 34180 java optional tomcat6_6.0.28-2ubuntu1.1.debian.tar.gz
Original-Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
More information about the Maverick-changes
mailing list