-
Committer:
Bazaar Package Importer
-
Author(s):
Marc Deslauriers
-
Date:
2011-01-13 15:16:35 UTC
-
Revision ID:
james.westby@ubuntu.com-20110113151635-8kv67o69x3tcsrbn
Tags: 6.0.28-2ubuntu1.1
* SECURITY UPDATE: cross-site scripting in Manager application
- debian/patches/0011-CVE-2010-4172.patch: add proper escaping to
java/org/apache/catalina/manager/JspHelper.java,
webapps/manager/WEB-INF/jsp/{sessionDetail,sessionsList}.jsp.
- patch from Debian 6.0.28-9 package
- CVE-2010-4172