29
|
|
|
Marc Deslauriers |
6.0.24-2ubuntu1.16 |
9 years ago
|
|
|
28
|
|
|
Marc Deslauriers |
6.0.24-2ubuntu1.15 |
10 years ago
|
|
|
27
|
|
|
Marc Deslauriers |
6.0.24-2ubuntu1.13 |
10 years ago
|
|
|
26
|
|
|
Marc Deslauriers |
6.0.24-2ubuntu1.12 |
11 years ago
|
|
|
25
|
|
|
Marc Deslauriers |
6.0.24-2ubuntu1.11 |
11 years ago
|
|
|
24
|
|
* SECURITY UPDATE: denial of service via hash collision and incorrect handling of large numbers of parameters and parameter values (LP: #909828) - debian/patches/0019-CVE-2012-0022.patch: refactor parameter handling code in conf/web.xml, java/org/apache/catalina/connector/Connector.java, java/org/apache/catalina/connector/mbeans-descriptors.xml, java/org/apache/catalina/connector/Request.java, java/org/apache/catalina/filters/FailedRequestFilter.java, java/org/apache/catalina/Globals.java, java/org/apache/coyote/Request.java, java/org/apache/tomcat/util/buf/B2CConverter.java, java/org/apache/tomcat/util/buf/ByteChunk.java, java/org/apache/tomcat/util/buf/MessageBytes.java, java/org/apache/tomcat/util/buf/StringCache.java, java/org/apache/tomcat/util/http/LocalStrings.properties, java/org/apache/tomcat/util/http/Parameters.java, webapps/docs/config/ajp.xml, webapps/docs/config/http.xml. - CVE-2011-4858 - CVE-2012-0022
|
Marc Deslauriers |
6.0.24-2ubuntu1.10 |
12 years ago
|
|
|
23
|
|
* SECURITY UPDATE: information disclosure via log file - debian/patches/0015-CVE-2011-2204.patch: fix logging in java/org/apache/catalina/mbeans/MemoryUserDatabaseMBean.java, java/org/apache/catalina/users/MemoryUserDatabase.java, java/org/apache/catalina/users/MemoryUser.java. - CVE-2011-2204 * SECURITY UPDATE: file restriction bypass or denial of service via untrusted web application. - debian/patches/0016-CVE-2011-2526.patch: check canonical name in java/org/apache/catalina/connector/LocalStrings.properties, java/org/apache/catalina/connector/Request.java, java/org/apache/catalina/servlets/DefaultServlet.java, java/org/apache/coyote/http11/Http11AprProcessor.java, java/org/apache/coyote/http11/LocalStrings.properties, java/org/apache/tomcat/util/net/AprEndpoint.java, java/org/apache/tomcat/util/net/NioEndpoint.java. - CVE-2011-2526 * SECURITY UPDATE: AJP request spoofing and authentication bypass (LP: #843701) - debian/patches/0017-CVE-2011-3190.patch: Properly handle request bodies in java/org/apache/coyote/ajp/AjpAprProcessor.java, java/org/apache/coyote/ajp/AjpProcessor.java. - CVE-2011-3190 * SECURITY UPDATE: HTTP DIGEST authentication weaknesses - debian/patches/0018-CVE-2011-1184.patch: add new nonce options in java/org/apache/catalina/authenticator/DigestAuthenticator.java, java/org/apache/catalina/authenticator/LocalStrings.properties, java/org/apache/catalina/authenticator/mbeans-descriptors.xml, java/org/apache/catalina/realm/RealmBase.java, webapps/docs/config/valve.xml. - CVE-2011-1184
|
Marc Deslauriers |
6.0.24-2ubuntu1.9 |
12 years ago
|
|
|
22
|
|
|
Marc Deslauriers |
6.0.24-2ubuntu1.7 |
13 years ago
|
|
|
21
|
|
|
Marc Deslauriers |
6.0.24-2ubuntu1.6 |
13 years ago
|
|
|
20
|
|
|
Marc Deslauriers |
6.0.24-2ubuntu1.3 |
13 years ago
|
|
|
19
|
|
|
Thierry Carrez |
6.0.24-2ubuntu1 |
14 years ago
|
|
|
18
|
|
|
Ludovic Claude |
6.0.24-2 |
14 years ago
|
|
|
17
|
|
|
Ludovic Claude |
6.0.24-1 |
14 years ago
|
|
|
16
|
|
|
Torsten Werner |
6.0.20-dfsg1-1 |
14 years ago
|
|
|
15
|
|
|
Niels Thykier |
6.0.20-9 |
14 years ago
|
|
|
14
|
|
|
Thierry Carrez |
6.0.20-8ubuntu1 |
14 years ago
|
|
|
13
|
|
|
Matthias Klose |
6.0.20-2ubuntu2 |
14 years ago
|
|
|
12
|
|
|
Iulian Udrea |
6.0.20-2ubuntu1 |
14 years ago
|
|
|
11
|
|
|
Mathias Gug |
6.0.20-1ubuntu1 |
14 years ago
|
|
|
10
|
|
|
Thierry Carrez |
6.0.18-3ubuntu1 |
14 years ago
|
|
|