-
Committer:
Package Import Robot
-
Author(s):
Marc Deslauriers
-
Date:
2013-01-10 10:00:07 UTC
-
Revision ID:
package-import@ubuntu.com-20130110100007-x3zvop2t7d6r3pjf
Tags: 6.0.32-5ubuntu1.4
* SECURITY UPDATE: security-constraint bypass with FORM auth
- debian/patches/CVE-2012-3546.patch: remove unneeded code in
java/org/apache/catalina/realm/RealmBase.java.
- CVE-2012-3546
* SECURITY UPDATE: CSRF bypass via request with no session identifier
- debian/patches/CVE-2012-4431.patch: check for session identifier in
java/org/apache/catalina/filters/CsrfPreventionFilter.java.
- CVE-2012-4431
* SECURITY UPDATE: denial of service with NIO connector
- debian/patches/CVE-2012-4534.patch: properly handle connection breaks
in java/org/apache/tomcat/util/net/NioEndpoint.java.
- CVE-2012-4534