- Committer: Package Import Robot
- Date: 2012-01-25 09:00:23 UTC
- Revision ID: package-import@ubuntu.com-20120125090023-a24chib64ipmtg4p
* SECURITY UPDATE: cross-request information leakage
- debian/patches/0016-CVE-2011-3375.patch: ensure that the request and
response objects are recycled after being re-populated in
java/org/apache/catalina/connector/CoyoteAdapter.java,
java/org/apache/coyote/ajp/AjpAprProcessor.java,
java/org/apache/coyote/ajp/AjpProcessor.java,
java/org/apache/coyote/http11/Http11AprProcessor.java,
java/org/apache/coyote/http11/Http11NioProcessor.java,
java/org/apache/coyote/http11/Http11Processor.java.
- CVE-2011-3375
* SECURITY UPDATE: denial of service via hash collision and incorrect
handling of large numbers of parameters and parameter values
(LP: #909828)
- debian/patches/0017-CVE-2012-0022.patch: refactor parameter handling
code in conf/web.xml,
java/org/apache/catalina/connector/Connector.java,
java/org/apache/catalina/connector/mbeans-descriptors.xml,
java/org/apache/catalina/connector/Request.java,
java/org/apache/catalina/filters/FilterBase.java,
java/org/apache/catalina/filters/FailedRequestFilter.java,
java/org/apache/catalina/Globals.java,
java/org/apache/coyote/Request.java,
java/org/apache/tomcat/util/buf/B2CConverter.java,
java/org/apache/tomcat/util/buf/ByteChunk.java,
java/org/apache/tomcat/util/buf/MessageBytes.java,
java/org/apache/tomcat/util/buf/StringCache.java,
java/org/apache/tomcat/util/http/LocalStrings.properties,
java/org/apache/tomcat/util/http/Parameters.java,
webapps/docs/config/ajp.xml,
webapps/docs/config/filter.xml,
webapps/docs/config/http.xml.
- CVE-2011-4858
- CVE-2012-0022
- debian/patches/0016-CVE-2011-3375.patch: ensure that the request and
response objects are recycled after being re-populated in
java/org/apache/catalina/connector/CoyoteAdapter.java,
java/org/apache/coyote/ajp/AjpAprProcessor.java,
java/org/apache/coyote/ajp/AjpProcessor.java,
java/org/apache/coyote/http11/Http11AprProcessor.java,
java/org/apache/coyote/http11/Http11NioProcessor.java,
java/org/apache/coyote/http11/Http11Processor.java.
- CVE-2011-3375
* SECURITY UPDATE: denial of service via hash collision and incorrect
handling of large numbers of parameters and parameter values
(LP: #909828)
- debian/patches/0017-CVE-2012-0022.patch: refactor parameter handling
code in conf/web.xml,
java/org/apache/catalina/connector/Connector.java,
java/org/apache/catalina/connector/mbeans-descriptors.xml,
java/org/apache/catalina/connector/Request.java,
java/org/apache/catalina/filters/FilterBase.java,
java/org/apache/catalina/filters/FailedRequestFilter.java,
java/org/apache/catalina/Globals.java,
java/org/apache/coyote/Request.java,
java/org/apache/tomcat/util/buf/B2CConverter.java,
java/org/apache/tomcat/util/buf/ByteChunk.java,
java/org/apache/tomcat/util/buf/MessageBytes.java,
java/org/apache/tomcat/util/buf/StringCache.java,
java/org/apache/tomcat/util/http/LocalStrings.properties,
java/org/apache/tomcat/util/http/Parameters.java,
webapps/docs/config/ajp.xml,
webapps/docs/config/filter.xml,
webapps/docs/config/http.xml.
- CVE-2011-4858
- CVE-2012-0022
| Filename | Latest Rev | Last Changed | Committer | Comment | Size | ||
|---|---|---|---|---|---|---|---|
 .. |
|||||||
.pc
|
2.2.8 | 14 years ago | Bazaar Package Importer | * Fix missing symlinks to tomcat-coyote.jar and |
|
||
|
bin
|
1 | 15 years ago | Bazaar Package Importer | Import upstream version 6.0.16 |
|
||
|
conf
|
1 | 15 years ago | Bazaar Package Importer | Import upstream version 6.0.16 |
|
||
|
debian
|
2 | 15 years ago | Bazaar Package Importer | Initial release. (Closes: #480964). |
|
||
|
java
|
1 | 15 years ago | Bazaar Package Importer | Import upstream version 6.0.16 |
|
||
|
res
|
1 | 15 years ago | Bazaar Package Importer | Import upstream version 6.0.16 |
|
||
|
test
|
1 | 15 years ago | Bazaar Package Importer | Import upstream version 6.0.16 |
|
||
|
webapps
|
1 | 15 years ago | Bazaar Package Importer | Import upstream version 6.0.16 |
|
||
build.properties.default |
1.2.6 | 13 years ago | Bazaar Package Importer | Import upstream version 6.0.32 | 7.2 KB |
|
|
|
build.xml |
2.2.25 | 13 years ago | Bazaar Package Importer | * Team upload. * New upstream release * Remove fol | 32.6 KB |
|
|
|
BUILDING.txt |
1.2.1 | 14 years ago | Bazaar Package Importer | Import upstream version 6.0.20 | 4.7 KB |
|
|
|
dist.xml |
1.2.6 | 13 years ago | Bazaar Package Importer | Import upstream version 6.0.32 | 26.7 KB |
|
|
|
eclipse.classpath |
1.2.6 | 13 years ago | Bazaar Package Importer | Import upstream version 6.0.32 | 1.4 KB |
|
|
|
eclipse.project |
1.2.5 | 13 years ago | Bazaar Package Importer | Import upstream version 6.0.28 | 1.1 KB |
|
|
|
extras.xml |
1.2.6 | 13 years ago | Bazaar Package Importer | Import upstream version 6.0.32 | 14.9 KB |
|
|
|
KEYS |
1.2.6 | 13 years ago | Bazaar Package Importer | Import upstream version 6.0.32 | 23.3 KB |
|
|
|
LICENSE |
1.2.6 | 13 years ago | Bazaar Package Importer | Import upstream version 6.0.32 | 37 KB |
|
|
|
NOTICE |
1.2.6 | 13 years ago | Bazaar Package Importer | Import upstream version 6.0.32 | 558 bytes |
|
|
|
RELEASE-NOTES |
1.2.6 | 13 years ago | Bazaar Package Importer | Import upstream version 6.0.32 | 8.4 KB |
|
|
|
RELEASE-PLAN-6.0.txt |
1 | 15 years ago | Bazaar Package Importer | Import upstream version 6.0.16 | 2.3 KB |
|
|
|
RUNNING.txt |
1.2.3 | 14 years ago | Bazaar Package Importer | Import upstream version 6.0.24 | 6.5 KB |
|
|
|
STATUS.txt |
1.2.6 | 13 years ago | Bazaar Package Importer | Import upstream version 6.0.32 | 4.3 KB |
|
|