Viewing all changes in revision 25.
- Committer: Package Import Robot
- Date: 2012-11-21 10:44:41 UTC
- Revision ID: package-import@ubuntu.com-20121121104441-8cyr7frbxdvpq5mm
* SECURITY UPDATE: denial of service via large header data
- debian/patches/0012-CVE-2012-2733.patch: improve size logic in
java/org/apache/coyote/http11/InternalNioInputBuffer.java.
- CVE-2012-2733
* SECURITY UPDATE: multiple HTTP Digest Access Authentication flaws
- debian/patches/0013-CVE-2012-588x.patch: disable caching of an
authenticated user in the session by default, track server rather
than client nonces, better handling of stale nonce values in
java/org/apache/catalina/authenticator/DigestAuthenticator.java.
- CVE-2012-3439
- CVE-2012-5885
- CVE-2012-5886
- CVE-2012-5887
- debian/patches/0012-CVE-2012-2733.patch: improve size logic in
java/org/apache/coyote/http11/InternalNioInputBuffer.java.
- CVE-2012-2733
* SECURITY UPDATE: multiple HTTP Digest Access Authentication flaws
- debian/patches/0013-CVE-2012-588x.patch: disable caching of an
authenticated user in the session by default, track server rather
than client nonces, better handling of stale nonce values in
java/org/apache/catalina/authenticator/DigestAuthenticator.java.
- CVE-2012-3439
- CVE-2012-5885
- CVE-2012-5886
- CVE-2012-5887
- files added:
- .pc/.quilt_patches
- .pc/0012-CVE-2012-2733.patch
- .pc/0012-CVE-2012-2733.patch/java
- .pc/0012-CVE-2012-2733.patch/java/org
- .pc/0012-CVE-2012-2733.patch/java/org/apache
- .pc/0012-CVE-2012-2733.patch/java/org/apache/coyote
- .pc/0012-CVE-2012-2733.patch/java/org/apache/coyote/http11
- .pc/0013-CVE-2012-588x.patch
- .pc/0013-CVE-2012-588x.patch/java
- .pc/0013-CVE-2012-588x.patch/java/org
- .pc/0013-CVE-2012-588x.patch/java/org/apache
- .pc/0013-CVE-2012-588x.patch/java/org/apache/catalina
- .pc/0013-CVE-2012-588x.patch/java/org/apache/catalina/authenticator
- files modified:
- .pc/applied-patches
expand all
collapse all
added
removed
