Committer: Package Import Robot
Author(s): Marc Deslauriers
Date: 2012-01-25 14:09:00 UTC
mfrom: (26.3.2 maverick-security)
Revision ID: package-import@ubuntu.com-20120125140900-0epd33n04ooxpq5c
Tags: 6.0.28-2ubuntu1.6

* SECURITY UPDATE: denial of service via hash collision and incorrect
handling of large numbers of parameters and parameter values
(LP: #909828)
- debian/patches/0019-CVE-2012-0022.patch: refactor parameter handling
code in conf/web.xml,
java/org/apache/catalina/connector/Connector.java,
java/org/apache/catalina/connector/mbeans-descriptors.xml,
java/org/apache/catalina/connector/Request.java,
java/org/apache/catalina/filters/FailedRequestFilter.java,
java/org/apache/catalina/Globals.java,
java/org/apache/coyote/Request.java,
java/org/apache/tomcat/util/buf/B2CConverter.java,
java/org/apache/tomcat/util/buf/ByteChunk.java,
java/org/apache/tomcat/util/buf/MessageBytes.java,
java/org/apache/tomcat/util/buf/StringCache.java,
java/org/apache/tomcat/util/http/LocalStrings.properties,
java/org/apache/tomcat/util/http/Parameters.java,
webapps/docs/config/ajp.xml,
webapps/docs/config/http.xml.
- CVE-2011-4858
- CVE-2012-0022