Viewing all changes in revision 14.
- Committer: Bazaar Package Importer
- Date: 2010-02-10 15:46:14 UTC
- Revision ID: james.westby@ubuntu.com-20100210154614-r0p99qzbu1g6kau1
* SECURITY UPDATE: arbitrary file creation or overwrite from directory
traversal via a .. entry in a WAR file.
- CVE-2009-2693
* SECURITY UPDATE: authentication bypass via autodeployment process
- CVE-2009-2901
* SECURITY UPDATE: work-directory file deletion via directory traversal
sequences in a WAR filename.
- CVE-2009-2902
- debian/patches/security_CVE-2009-2693_2901_2902.patch: validate file
names and paths in java/org/apache/catalina/loader/
{LocalStrings.properties,WebappClassLoader.java},
java/org/apache/catalina/startup/{ContextConfig.java,ExpandWar.java,
HostConfig.java,LocalStrings.properties}
traversal via a .. entry in a WAR file.
- CVE-2009-2693
* SECURITY UPDATE: authentication bypass via autodeployment process
- CVE-2009-2901
* SECURITY UPDATE: work-directory file deletion via directory traversal
sequences in a WAR filename.
- CVE-2009-2902
- debian/patches/security_CVE-2009-2693_2901_2902.patch: validate file
names and paths in java/org/apache/catalina/loader/
{LocalStrings.properties,WebappClassLoader.java},
java/org/apache/catalina/startup/{ContextConfig.java,ExpandWar.java,
HostConfig.java,LocalStrings.properties}
- files modified:
- debian/changelog
expand all
collapse all
added
removed
