« back to all changes in this revision
Viewing changes to java/org/apache/tomcat/util/net/NioEndpoint.java
- Committer: Package Import Robot
- Date: 2011-09-26 11:27:14 UTC
- Revision ID: package-import@ubuntu.com-20110926112714-ngfuvuxfnr5oe2x8
* SECURITY UPDATE: information disclosure via log file
- debian/patches/0015-CVE-2011-2204.patch: fix logging in
java/org/apache/catalina/mbeans/MemoryUserDatabaseMBean.java,
java/org/apache/catalina/users/MemoryUserDatabase.java,
java/org/apache/catalina/users/MemoryUser.java.
- CVE-2011-2204
* SECURITY UPDATE: file restriction bypass or denial of service via
untrusted web application.
- debian/patches/0016-CVE-2011-2526.patch: check canonical name in
java/org/apache/catalina/connector/LocalStrings.properties,
java/org/apache/catalina/connector/Request.java,
java/org/apache/catalina/servlets/DefaultServlet.java,
java/org/apache/coyote/http11/Http11AprProcessor.java,
java/org/apache/coyote/http11/LocalStrings.properties,
java/org/apache/tomcat/util/net/AprEndpoint.java,
java/org/apache/tomcat/util/net/NioEndpoint.java.
- CVE-2011-2526
* SECURITY UPDATE: AJP request spoofing and authentication bypass
(LP: #843701)
- debian/patches/0017-CVE-2011-3190.patch: Properly handle request
bodies in java/org/apache/coyote/ajp/AjpAprProcessor.java,
java/org/apache/coyote/ajp/AjpProcessor.java.
- CVE-2011-3190
* SECURITY UPDATE: HTTP DIGEST authentication weaknesses
- debian/patches/0018-CVE-2011-1184.patch: add new nonce options in
java/org/apache/catalina/authenticator/DigestAuthenticator.java,
java/org/apache/catalina/authenticator/LocalStrings.properties,
java/org/apache/catalina/authenticator/mbeans-descriptors.xml,
java/org/apache/catalina/realm/RealmBase.java,
webapps/docs/config/valve.xml.
- CVE-2011-1184
- debian/patches/0015-CVE-2011-2204.patch: fix logging in
java/org/apache/catalina/mbeans/MemoryUserDatabaseMBean.java,
java/org/apache/catalina/users/MemoryUserDatabase.java,
java/org/apache/catalina/users/MemoryUser.java.
- CVE-2011-2204
* SECURITY UPDATE: file restriction bypass or denial of service via
untrusted web application.
- debian/patches/0016-CVE-2011-2526.patch: check canonical name in
java/org/apache/catalina/connector/LocalStrings.properties,
java/org/apache/catalina/connector/Request.java,
java/org/apache/catalina/servlets/DefaultServlet.java,
java/org/apache/coyote/http11/Http11AprProcessor.java,
java/org/apache/coyote/http11/LocalStrings.properties,
java/org/apache/tomcat/util/net/AprEndpoint.java,
java/org/apache/tomcat/util/net/NioEndpoint.java.
- CVE-2011-2526
* SECURITY UPDATE: AJP request spoofing and authentication bypass
(LP: #843701)
- debian/patches/0017-CVE-2011-3190.patch: Properly handle request
bodies in java/org/apache/coyote/ajp/AjpAprProcessor.java,
java/org/apache/coyote/ajp/AjpProcessor.java.
- CVE-2011-3190
* SECURITY UPDATE: HTTP DIGEST authentication weaknesses
- debian/patches/0018-CVE-2011-1184.patch: add new nonce options in
java/org/apache/catalina/authenticator/DigestAuthenticator.java,
java/org/apache/catalina/authenticator/LocalStrings.properties,
java/org/apache/catalina/authenticator/mbeans-descriptors.xml,
java/org/apache/catalina/realm/RealmBase.java,
webapps/docs/config/valve.xml.
- CVE-2011-1184
- files added:
- .pc/0015-CVE-2011-2204.patch
- .pc/0015-CVE-2011-2204.patch/java
- .pc/0015-CVE-2011-2204.patch/java/org
- .pc/0015-CVE-2011-2204.patch/java/org/apache
- .pc/0015-CVE-2011-2204.patch/java/org/apache/catalina
- .pc/0015-CVE-2011-2204.patch/java/org/apache/catalina/mbeans
- .pc/0015-CVE-2011-2204.patch/java/org/apache/catalina/users
- .pc/0016-CVE-2011-2526.patch
- .pc/0016-CVE-2011-2526.patch/java
- .pc/0016-CVE-2011-2526.patch/java/org
- .pc/0016-CVE-2011-2526.patch/java/org/apache
- .pc/0016-CVE-2011-2526.patch/java/org/apache/catalina
- .pc/0016-CVE-2011-2526.patch/java/org/apache/catalina/connector
- .pc/0016-CVE-2011-2526.patch/java/org/apache/catalina/servlets
- .pc/0016-CVE-2011-2526.patch/java/org/apache/coyote
- .pc/0016-CVE-2011-2526.patch/java/org/apache/coyote/http11
- .pc/0016-CVE-2011-2526.patch/java/org/apache/tomcat
- .pc/0016-CVE-2011-2526.patch/java/org/apache/tomcat/util
- .pc/0016-CVE-2011-2526.patch/java/org/apache/tomcat/util/net
- .pc/0017-CVE-2011-3190.patch
- .pc/0017-CVE-2011-3190.patch/java
- .pc/0017-CVE-2011-3190.patch/java/org
- .pc/0017-CVE-2011-3190.patch/java/org/apache
- .pc/0017-CVE-2011-3190.patch/java/org/apache/coyote
- .pc/0017-CVE-2011-3190.patch/java/org/apache/coyote/ajp
- .pc/0018-CVE-2011-1184.patch
- .pc/0018-CVE-2011-1184.patch/java
- .pc/0018-CVE-2011-1184.patch/java/org
- .pc/0018-CVE-2011-1184.patch/java/org/apache
- .pc/0018-CVE-2011-1184.patch/java/org/apache/catalina
- .pc/0018-CVE-2011-1184.patch/java/org/apache/catalina/authenticator
- .pc/0018-CVE-2011-1184.patch/java/org/apache/catalina/realm
- .pc/0018-CVE-2011-1184.patch/webapps
- .pc/0018-CVE-2011-1184.patch/webapps/docs
- .pc/0018-CVE-2011-1184.patch/webapps/docs/config
- files modified:
- .pc/applied-patches
added
removed
java/org/apache/tomcat/util/net/NioEndpoint.java
