~ubuntu-branches/ubuntu/precise/tomcat6/precise-security

Viewing all changes in revision 47.

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2013-01-10 09:51:09 UTC
  • Revision ID: package-import@ubuntu.com-20130110095109-i0m1u6g0q1ocphrz
Tags: 6.0.35-1ubuntu3.2
* SECURITY UPDATE: security-constraint bypass with FORM auth
  - debian/patches/CVE-2012-3546.patch: remove unneeded code in
    java/org/apache/catalina/realm/RealmBase.java.
  - CVE-2012-3546
* SECURITY UPDATE: CSRF bypass via request with no session identifier
  - debian/patches/CVE-2012-4431.patch: check for session identifier in
    java/org/apache/catalina/filters/CsrfPreventionFilter.java.
  - CVE-2012-4431
* SECURITY UPDATE: denial of service with NIO connector
  - debian/patches/CVE-2012-4534.patch: properly handle connection breaks
    in java/org/apache/tomcat/util/net/NioEndpoint.java.
  - CVE-2012-4534

expand all expand all

Show diffs side-by-side

added added

removed removed

Lines of Context: