1
tomcat6 (6.0.28-2ubuntu1.6) maverick-security; urgency=low
3
* SECURITY UPDATE: denial of service via hash collision and incorrect
4
handling of large numbers of parameters and parameter values
6
- debian/patches/0019-CVE-2012-0022.patch: refactor parameter handling
8
java/org/apache/catalina/connector/Connector.java,
9
java/org/apache/catalina/connector/mbeans-descriptors.xml,
10
java/org/apache/catalina/connector/Request.java,
11
java/org/apache/catalina/filters/FailedRequestFilter.java,
12
java/org/apache/catalina/Globals.java,
13
java/org/apache/coyote/Request.java,
14
java/org/apache/tomcat/util/buf/B2CConverter.java,
15
java/org/apache/tomcat/util/buf/ByteChunk.java,
16
java/org/apache/tomcat/util/buf/MessageBytes.java,
17
java/org/apache/tomcat/util/buf/StringCache.java,
18
java/org/apache/tomcat/util/http/LocalStrings.properties,
19
java/org/apache/tomcat/util/http/Parameters.java,
20
webapps/docs/config/ajp.xml,
21
webapps/docs/config/http.xml.
25
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 25 Jan 2012 14:09:00 -0500
1
27
tomcat6 (6.0.28-2ubuntu1.5) maverick-security; urgency=low
3
29
* SECURITY UPDATE: information disclosure via log file