~ubuntu-branches/ubuntu/maverick/tomcat6/maverick-security

Viewing changes to debian/changelog

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2012-01-25 14:09:00 UTC
  • Revision ID: package-import@ubuntu.com-20120125140900-aczr7udmxci741pv
Tags: 6.0.28-2ubuntu1.6
* SECURITY UPDATE: denial of service via hash collision and incorrect
  handling of large numbers of parameters and parameter values
  (LP: #909828)
  - debian/patches/0019-CVE-2012-0022.patch: refactor parameter handling
    code in conf/web.xml,
    java/org/apache/catalina/connector/Connector.java,
    java/org/apache/catalina/connector/mbeans-descriptors.xml,
    java/org/apache/catalina/connector/Request.java,
    java/org/apache/catalina/filters/FailedRequestFilter.java,
    java/org/apache/catalina/Globals.java,
    java/org/apache/coyote/Request.java,
    java/org/apache/tomcat/util/buf/B2CConverter.java,
    java/org/apache/tomcat/util/buf/ByteChunk.java,
    java/org/apache/tomcat/util/buf/MessageBytes.java,
    java/org/apache/tomcat/util/buf/StringCache.java,
    java/org/apache/tomcat/util/http/LocalStrings.properties,
    java/org/apache/tomcat/util/http/Parameters.java,
    webapps/docs/config/ajp.xml,
    webapps/docs/config/http.xml.
  - CVE-2011-4858
  - CVE-2012-0022

 
1
tomcat6 (6.0.28-2ubuntu1.6) maverick-security; urgency=low
 
2
 
 
3
  * SECURITY UPDATE: denial of service via hash collision and incorrect
 
4
    handling of large numbers of parameters and parameter values
 
5
    (LP: #909828)
 
6
    - debian/patches/0019-CVE-2012-0022.patch: refactor parameter handling
 
7
      code in conf/web.xml,
 
8
      java/org/apache/catalina/connector/Connector.java,
 
9
      java/org/apache/catalina/connector/mbeans-descriptors.xml,
 
10
      java/org/apache/catalina/connector/Request.java,
 
11
      java/org/apache/catalina/filters/FailedRequestFilter.java,
 
12
      java/org/apache/catalina/Globals.java,
 
13
      java/org/apache/coyote/Request.java,
 
14
      java/org/apache/tomcat/util/buf/B2CConverter.java,
 
15
      java/org/apache/tomcat/util/buf/ByteChunk.java,
 
16
      java/org/apache/tomcat/util/buf/MessageBytes.java,
 
17
      java/org/apache/tomcat/util/buf/StringCache.java,
 
18
      java/org/apache/tomcat/util/http/LocalStrings.properties,
 
19
      java/org/apache/tomcat/util/http/Parameters.java,
 
20
      webapps/docs/config/ajp.xml,
 
21
      webapps/docs/config/http.xml.
 
22
    - CVE-2011-4858
 
23
    - CVE-2012-0022
 
24
 
 
25
 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 25 Jan 2012 14:09:00 -0500
 
26
 
1
27
tomcat6 (6.0.28-2ubuntu1.5) maverick-security; urgency=low
2
28
 
3
29
  * SECURITY UPDATE: information disclosure via log file
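
Review bot: The new 6.0.28-2ubuntu1.6 entry lists both CVE-2011-4858 and CVE-2012-0022, but the only patch it names is debian/patches/0019-CVE-2012-0022.patch, so the changelog does not say whether the hash collision issue is covered by that same patch. Suggest stating it on the patch line, for example "0019-CVE-2012-0022.patch: refactor parameter handling code (also addresses CVE-2011-4858) in ...". The file list also includes conf/web.xml and the connector documentation in webapps/docs/config/ajp.xml and webapps/docs/config/http.xml without saying what changes for an administrator. If the refactor introduces a limit or a new setting, naming it and its default in this entry would tell anyone upgrading whether applications that submit many parameters are affected.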