← Back to branch summary

~ubuntu-branches/ubuntu/oneiric/tomcat6/oneiric-security

~ubuntu-branches/ubuntu/oneiric/tomcat6/oneiric-security

Viewing all changes in revision 42.

Committer: Package Import Robot
Author(s): Marc Deslauriers
Date: 2013-01-10 10:00:07 UTC
Revision ID: package-import@ubuntu.com-20130110100007-x3zvop2t7d6r3pjf

Tags: 6.0.32-5ubuntu1.4

* SECURITY UPDATE: security-constraint bypass with FORM auth
  - debian/patches/CVE-2012-3546.patch: remove unneeded code in
    java/org/apache/catalina/realm/RealmBase.java.
  - CVE-2012-3546
* SECURITY UPDATE: CSRF bypass via request with no session identifier
  - debian/patches/CVE-2012-4431.patch: check for session identifier in
    java/org/apache/catalina/filters/CsrfPreventionFilter.java.
  - CVE-2012-4431
* SECURITY UPDATE: denial of service with NIO connector
  - debian/patches/CVE-2012-4534.patch: properly handle connection breaks
    in java/org/apache/tomcat/util/net/NioEndpoint.java.
  - CVE-2012-4534

files added:
.pc/CVE-2012-3546.patch

.pc/CVE-2012-3546.patch/java

.pc/CVE-2012-3546.patch/java/org

.pc/CVE-2012-3546.patch/java/org/apache

.pc/CVE-2012-3546.patch/java/org/apache/catalina

.pc/CVE-2012-3546.patch/java/org/apache/catalina/realm

.pc/CVE-2012-3546.patch/java/org/apache/catalina/realm/RealmBase.java

.pc/CVE-2012-4431.patch

.pc/CVE-2012-4431.patch/java

.pc/CVE-2012-4431.patch/java/org

.pc/CVE-2012-4431.patch/java/org/apache

.pc/CVE-2012-4431.patch/java/org/apache/catalina

.pc/CVE-2012-4431.patch/java/org/apache/catalina/filters

.pc/CVE-2012-4431.patch/java/org/apache/catalina/filters/CsrfPreventionFilter.java

.pc/CVE-2012-4534.patch

.pc/CVE-2012-4534.patch/java

.pc/CVE-2012-4534.patch/java/org

.pc/CVE-2012-4534.patch/java/org/apache

.pc/CVE-2012-4534.patch/java/org/apache/tomcat

.pc/CVE-2012-4534.patch/java/org/apache/tomcat/util

.pc/CVE-2012-4534.patch/java/org/apache/tomcat/util/net

.pc/CVE-2012-4534.patch/java/org/apache/tomcat/util/net/NioEndpoint.java

debian/patches/CVE-2012-3546.patch

debian/patches/CVE-2012-4431.patch

debian/patches/CVE-2012-4534.patch

files modified:
.pc/applied-patches

debian/changelog

debian/patches/series

java/org/apache/catalina/filters/CsrfPreventionFilter.java

java/org/apache/catalina/realm/RealmBase.java

java/org/apache/tomcat/util/net/NioEndpoint.java

Show diffs side-by-side

added added

removed removed

.pc/CVE-2012-3546.patch/

.pc/CVE-2012-3546.patch/java/

.pc/CVE-2012-3546.patch/java/org/

.pc/CVE-2012-3546.patch/java/org/apache/

.pc/CVE-2012-3546.patch/java/org/apache/catalina/

.pc/CVE-2012-3546.patch/java/org/apache/catalina/realm/

.pc/CVE-2012-3546.patch/java/org/apache/catalina/realm/RealmBase.java

.pc/CVE-2012-4431.patch/

.pc/CVE-2012-4431.patch/java/

.pc/CVE-2012-4431.patch/java/org/

.pc/CVE-2012-4431.patch/java/org/apache/

.pc/CVE-2012-4431.patch/java/org/apache/catalina/

.pc/CVE-2012-4431.patch/java/org/apache/catalina/filters/

.pc/CVE-2012-4431.patch/java/org/apache/catalina/filters/CsrfPreventionFilter.java

.pc/CVE-2012-4534.patch/

.pc/CVE-2012-4534.patch/java/

.pc/CVE-2012-4534.patch/java/org/

.pc/CVE-2012-4534.patch/java/org/apache/

.pc/CVE-2012-4534.patch/java/org/apache/tomcat/

.pc/CVE-2012-4534.patch/java/org/apache/tomcat/util/

.pc/CVE-2012-4534.patch/java/org/apache/tomcat/util/net/

.pc/CVE-2012-4534.patch/java/org/apache/tomcat/util/net/NioEndpoint.java

.pc/applied-patches

debian/changelog

debian/patches/CVE-2012-3546.patch

debian/patches/CVE-2012-4431.patch

debian/patches/CVE-2012-4534.patch

debian/patches/series

java/org/apache/catalina/filters/CsrfPreventionFilter.java

java/org/apache/catalina/realm/RealmBase.java

java/org/apache/tomcat/util/net/NioEndpoint.java

Older »