[ubuntu/precise] tomcat6 6.0.32-6ubuntu1 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Tue Nov 8 14:05:46 UTC 2011


tomcat6 (6.0.32-6ubuntu1) precise; urgency=low

  * SECURITY UPDATE: HTTP DIGEST authentication weaknesses
    - debian/patches/0014-CVE-2011-1184.patch: add new nonce options in
      java/org/apache/catalina/authenticator/DigestAuthenticator.java,
      java/org/apache/catalina/authenticator/LocalStrings.properties,
      java/org/apache/catalina/authenticator/mbeans-descriptors.xml,
      java/org/apache/catalina/realm/RealmBase.java,
      webapps/docs/config/valve.xml.
    - CVE-2011-1184
  * SECURITY UPDATE: file restriction bypass or denial of service via
    untrusted web application.
    - debian/patches/0015-CVE-2011-2526.patch: check canonical name in
      java/org/apache/catalina/connector/LocalStrings.properties,
      java/org/apache/catalina/connector/Request.java,
      java/org/apache/catalina/servlets/DefaultServlet.java,
      java/org/apache/coyote/http11/Http11AprProcessor.java,
      java/org/apache/coyote/http11/LocalStrings.properties,
      java/org/apache/tomcat/util/net/AprEndpoint.java,
      java/org/apache/tomcat/util/net/NioEndpoint.java.
    - CVE-2011-2526

Date: Tue, 08 Nov 2011 07:55:32 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/precise/+source/tomcat6/6.0.32-6ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 08 Nov 2011 07:55:32 -0500
Source: tomcat6
Binary: tomcat6-common tomcat6 tomcat6-user libtomcat6-java libservlet2.5-java libservlet2.5-java-doc tomcat6-admin tomcat6-examples tomcat6-docs tomcat6-extras
Architecture: source
Version: 6.0.32-6ubuntu1
Distribution: precise
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 libservlet2.5-java - Servlet 2.5 and JSP 2.1 Java API classes
 libservlet2.5-java-doc - Servlet 2.5 and JSP 2.1 Java API documentation
 libtomcat6-java - Servlet and JSP engine -- core libraries
 tomcat6    - Servlet and JSP engine
 tomcat6-admin - Servlet and JSP engine -- admin web applications
 tomcat6-common - Servlet and JSP engine -- common files
 tomcat6-docs - Servlet and JSP engine -- documentation
 tomcat6-examples - Servlet and JSP engine -- example web applications
 tomcat6-extras - Servlet and JSP engine -- additional components
 tomcat6-user - Servlet and JSP engine -- tools to create user instances
Changes: 
 tomcat6 (6.0.32-6ubuntu1) precise; urgency=low
 .
   * SECURITY UPDATE: HTTP DIGEST authentication weaknesses
     - debian/patches/0014-CVE-2011-1184.patch: add new nonce options in
       java/org/apache/catalina/authenticator/DigestAuthenticator.java,
       java/org/apache/catalina/authenticator/LocalStrings.properties,
       java/org/apache/catalina/authenticator/mbeans-descriptors.xml,
       java/org/apache/catalina/realm/RealmBase.java,
       webapps/docs/config/valve.xml.
     - CVE-2011-1184
   * SECURITY UPDATE: file restriction bypass or denial of service via
     untrusted web application.
     - debian/patches/0015-CVE-2011-2526.patch: check canonical name in
       java/org/apache/catalina/connector/LocalStrings.properties,
       java/org/apache/catalina/connector/Request.java,
       java/org/apache/catalina/servlets/DefaultServlet.java,
       java/org/apache/coyote/http11/Http11AprProcessor.java,
       java/org/apache/coyote/http11/LocalStrings.properties,
       java/org/apache/tomcat/util/net/AprEndpoint.java,
       java/org/apache/tomcat/util/net/NioEndpoint.java.
     - CVE-2011-2526
Checksums-Sha1: 
 0f6a2bdc0930219e338c378d2471c7389fecabd2 2701 tomcat6_6.0.32-6ubuntu1.dsc
 1f99f75bb11f68d06c47f170ce112f791b49e565 54036 tomcat6_6.0.32-6ubuntu1.debian.tar.gz
Checksums-Sha256: 
 a3b540a0d5973ddf58f9c893fe08509cac39aafcbccdb70e195d993fb1d2c031 2701 tomcat6_6.0.32-6ubuntu1.dsc
 b193061818e520df819e75c32f3c03cbc3fd5844377eeab91538c22e332103be 54036 tomcat6_6.0.32-6ubuntu1.debian.tar.gz
Files: 
 5e33fa83018ec170e3046c5c5957906d 2701 java optional tomcat6_6.0.32-6ubuntu1.dsc
 17c7a78dfc23d2dccb1cbd5d7a9b40b9 54036 java optional tomcat6_6.0.32-6ubuntu1.debian.tar.gz
Original-Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
-----END PGP SIGNATURE-----

