-
Committer:
Package Import Robot
-
Author(s):
Christian Kuersteiner, Christian Kuersteiner, Jamie Strandboge
-
Date:
2013-03-15 15:40:27 UTC
-
Revision ID:
package-import@ubuntu.com-20130315154027-6gq2dbrztju555ko
Tags: 7.0.21-1ubuntu0.1
[Christian Kuersteiner]
* SECURITY UPDATE: Fix multiple vulnerabilities in Tomcat7
(LP: #1115053)
- debian/patches/CVE-2012-0022.patch: Fix for Denial of service. Based on
upstream patch.
- CVE-2012-0022, CVE-2011-4858
- debian/patches/CVE-2011-3375.patch: Fix for information disclosure. Based
on upstream patch.
- CVE-2011-3375
- debian/patches/CVE-2011-3376.patch: Fix for privilege escalation. Based on
upstream patch.
- CVE-2011-3376
- debian/patches/CVE-2012-2733.patch: Fix for Apache Tomcat Denial of
Service. Based on upstream patch.
- CVE-2012-2733
- debian/patches/CVE-2012-3546.patch: Fix for bypass of security
constraints. Based on upstream patch.
- CVE-2012-3546
- debian/patches/CVE-2012-4431.patch: Fix for bypass of CSRF prevention
filter. Based on upstream patch.
- CVE-2012-4431
- debian/patches/CVE-2012-4534.patch: Fix for CVE-2012-4534 Denial of
Service Vulnerability. Based on upstream patch.
- CVE-2012-4534
- debian/patches/CVE-2012-3439.patch: Fix for DIGEST authentication
weaknesses. Based on upstream patch.
- CVE-2012-3439, CVE-2012-5885, CVE-2012-5886, 2012-5887
[ Jamie Strandboge ]
* allow for easily running the testsuite:
- debian/control: add testsuite build-depends
- debian/rules:
+ add 'testsuite' target
+ add ANT_TS_ARGS for use in the testsuite target
+ cleanup the testsuite
- add debian/README.source for information on how to use the testsuite