[Bug 1115053] Re: Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10
Christian Kuersteiner
ckuerste at gmx.ch
Wed Mar 13 04:29:20 UTC 2013
I rewrote the description on CVE-2012-3439.patch and fixed the
whitespace changes in CVE-2012-0022.patch as far as I saw them.
CVE-2012-3439 gave me quite a headache since the upstream testcases had already changed a lot before, and it was hard to adapt them to the oneiric version. Either I would have to try to backport all the changes from upstream, which might mean changing more or less the whole TesterDigestAuthenticatorPerformance.java and causing some further errors because of changes done somewhere else, or I leave the testcases as they are and just adopt the needed changes made in the methods in DigestAuthenticator.java.
I went with the second option since the actual security bug was patched in DigestAuthenticator.java. This let me omit the inclusion of ConcurrentMessageDigest.java since this class is just used in the updated testcases. I think it was the right decision, but let me know if you think differently.
This is just additional information to the DEP-3 description in
CVE-2012-3439.patch.
** Patch added: "lp1115053-oneiric-5.debdiff"
https://bugs.launchpad.net/ubuntu/+source/tomcat7/+bug/1115053/+attachment/3571362/+files/lp1115053-oneiric-5.debdiff
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to tomcat7 in Ubuntu.
https://bugs.launchpad.net/bugs/1115053
Title:
Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tomcat7/+bug/1115053/+subscriptions