23
|
|
* SECURITY UPDATE: information disclosure via log file - debian/patches/0015-CVE-2011-2204.patch: fix logging in java/org/apache/catalina/mbeans/MemoryUserDatabaseMBean.java, java/org/apache/catalina/users/MemoryUserDatabase.java, java/org/apache/catalina/users/MemoryUser.java. - CVE-2011-2204 * SECURITY UPDATE: file restriction bypass or denial of service via untrusted web application. - debian/patches/0016-CVE-2011-2526.patch: check canonical name in java/org/apache/catalina/connector/LocalStrings.properties, java/org/apache/catalina/connector/Request.java, java/org/apache/catalina/servlets/DefaultServlet.java, java/org/apache/coyote/http11/Http11AprProcessor.java, java/org/apache/coyote/http11/LocalStrings.properties, java/org/apache/tomcat/util/net/AprEndpoint.java, java/org/apache/tomcat/util/net/NioEndpoint.java. - CVE-2011-2526 * SECURITY UPDATE: AJP request spoofing and authentication bypass (LP: #843701) - debian/patches/0017-CVE-2011-3190.patch: Properly handle request bodies in java/org/apache/coyote/ajp/AjpAprProcessor.java, java/org/apache/coyote/ajp/AjpProcessor.java. - CVE-2011-3190 * SECURITY UPDATE: HTTP DIGEST authentication weaknesses - debian/patches/0018-CVE-2011-1184.patch: add new nonce options in java/org/apache/catalina/authenticator/DigestAuthenticator.java, java/org/apache/catalina/authenticator/LocalStrings.properties, java/org/apache/catalina/authenticator/mbeans-descriptors.xml, java/org/apache/catalina/realm/RealmBase.java, webapps/docs/config/valve.xml. - CVE-2011-1184
|
Marc Deslauriers |
6.0.24-2ubuntu1.9 |
12 years ago
|
|
|
22
|
|
|
Marc Deslauriers |
6.0.24-2ubuntu1.7 |
13 years ago
|
|
|
21
|
|
|
Marc Deslauriers |
6.0.24-2ubuntu1.6 |
13 years ago
|
|
|
20
|
|
|
Marc Deslauriers |
6.0.24-2ubuntu1.3 |
13 years ago
|
|
|
19
|
|
|
Thierry Carrez |
6.0.24-2ubuntu1 |
14 years ago
|
|
|
18
|
|
|
Ludovic Claude |
6.0.24-2 |
14 years ago
|
|
|
17
|
|
|
Ludovic Claude |
6.0.24-1 |
14 years ago
|
|
|
16
|
|
|
Torsten Werner |
6.0.20-dfsg1-1 |
14 years ago
|
|
|
15
|
|
|
Niels Thykier |
6.0.20-9 |
14 years ago
|
|
|
14
|
|
|
Thierry Carrez |
6.0.20-8ubuntu1 |
14 years ago
|
|
|
13
|
|
|
Matthias Klose |
6.0.20-2ubuntu2 |
14 years ago
|
|
|
12
|
|
|
Iulian Udrea |
6.0.20-2ubuntu1 |
14 years ago
|
|
|
11
|
|
|
Mathias Gug |
6.0.20-1ubuntu1 |
14 years ago
|
|
|
10
|
|
|
Thierry Carrez |
6.0.18-3ubuntu1 |
15 years ago
|
|
|
9
|
|
|
Thierry Carrez |
6.0.18-0ubuntu6 |
15 years ago
|
|
|
8
|
|
|
Mathias Gug |
6.0.18-0ubuntu5 |
15 years ago
|
|
|
7
|
|
* tomcat6.init, tomcat6.postinst, tomcat6.dirs, tomcat6.default, README.debian: Use /tmp/tomcat6-temp instead of /var/lib/tomcat6/temp as the JVM temporary directory and clean it at each restart (LP: #287452) * policy/04webapps.policy: add rules to allow usage of java.io.tmpdir * tomcat6.init, rules: Do not use TearDown, as this results in LifecycleListener callbacks in webapps being bypassed (LP: #299436) * rules: Compile at Java 1.5 level to allow usage of Java 5 JREs (LP: #286427) * control, rules, libservlet2.5-java-doc.install, libservlet2.5-java-doc.links: New libservlet2.5-java-doc package ships missing Servlet/JSP API documentation (LP: #279645) * patches/use-commons-dbcp.patch: Change default DBCP factory class to org.apache.commons.dbcp.BasicDataSourceFactory (LP: #283852) * tomcat6.dirs, tomcat6.postinst, default_root/index.html: Create Catalina/localhost in /etc/tomcat6 and make it writeable by the tomcat6 group, so that autodeploy and admin webapps work as expected (LP: #294277) * patches/disable-apr-loading.patch: Disable APR library loading until we properly provide it. * patches/disable-ajp-connector: Do not load AJP13 connector by default (LP: #300697) * rules: minor fixes to prevent build being called twice.
|
Thierry Carrez |
6.0.18-0ubuntu4 |
15 years ago
|
|
|
6
|
|
|
Thierry Carrez |
6.0.18-0ubuntu3 |
15 years ago
|
|
|
5
|
|
|
Thierry Carrez |
6.0.18-0ubuntu2 |
15 years ago
|
|
|
4
|
|
|
Thierry Carrez |
6.0.18-0ubuntu1 |
15 years ago
|
|
|