-
Committer:
Package Import Robot
-
Author(s):
Marc Deslauriers
-
Date:
2013-01-10 09:51:09 UTC
-
Revision ID:
package-import@ubuntu.com-20130110095109-i0m1u6g0q1ocphrz
Tags: 6.0.35-1ubuntu3.2
* SECURITY UPDATE: security-constraint bypass with FORM auth
- debian/patches/CVE-2012-3546.patch: remove unneeded code in
java/org/apache/catalina/realm/RealmBase.java.
- CVE-2012-3546
* SECURITY UPDATE: CSRF bypass via request with no session identifier
- debian/patches/CVE-2012-4431.patch: check for session identifier in
java/org/apache/catalina/filters/CsrfPreventionFilter.java.
- CVE-2012-4431
* SECURITY UPDATE: denial of service with NIO connector
- debian/patches/CVE-2012-4534.patch: properly handle connection breaks
in java/org/apache/tomcat/util/net/NioEndpoint.java.
- CVE-2012-4534