Bug#425836: [CVE-2007-1860] A double encoded .. in a URL can be used to access URLs on the AJP backend

Package: libapache2-mod-jk Version: 1:1.2.22-1 Severity: grave Tags: security As stated at http://tomcat.apache.org/connectors-doc/ the 1.2.22 version of jk connector is affected from CVE-2007-1860 Please provide the 1.2.23 version. Regards -- System Information: Debian Release: lenny/sid

Bug#425871: tomcat5.5-admin: admin servlet fails to start; throws an Allocate exception

Package: tomcat5.5-admin Version: 5.5.20-2 Severity: grave Justification: renders package unusable The Tomcat admin webapp fails with the following error in the admin log file: May 22, 2007 6:22:20 PM org.apache.catalina.core.ApplicationDispatcher invoke SEVERE: Allocate exception for servlet

Bug#425899: tomcat5.5: Tomcat5.5.20-2 fails to install in Debian etch

Package: tomcat5.5 Version: 5.5.20-2 Severity: grave Justification: renders package unusable Unable to install tomcat5.5 in Debian etch system. This section of 'aptitude install tomcat5.5' shows error: Setting up libservlet2.4-java (5.0.30-3) ... Setting up libcommons-el-java (1.0-3) ...