Bug#494799: CVE-2008-2938: Directory Traversal Vulnerability

2008-08-12 Thread Christophe Boyanique 
Package: tomcat5.5
Version: 5.5.20-2etch3
Severity: grave
Tags: security

Tomcat is affected by a directory traversal vulnerability. The problem
has been fixed in SVN version:

- http://tomcat.apache.org/security-5.html

Available information:
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938
- http://www.milw0rm.com/exploits/6229

Christophe.



___
pkg-java-maintainers mailing list
pkg-java-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-java-maintainers

Kung pao chicken made official for Olympics

2008-08-12 Thread Kopald Mccullough 
What's up?


___
pkg-java-maintainers mailing list
pkg-java-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-java-maintainers

Bug#494799: CVE-2008-2938: Directory Traversal Vulnerability

2008-08-12 Thread Nico Golde 
merge 494504 494799
thanks

Hi Christophe,
* Christophe Boyanique [EMAIL PROTECTED] [2008-08-12 12:37]:
 Package: tomcat5.5
 Version: 5.5.20-2etch3
 Severity: grave
 Tags: security
 
 Tomcat is affected by a directory traversal vulnerability. The problem
 has been fixed in SVN version:

Please check the existing BTS entries before submitting new 
bugs. No idea how you missed:
#494504 [G|S|] [tomcat5.5] CVE-2008-1232/CVE-2008-2370: XSS and directory 
traversal

Check out 
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494504

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.



___
pkg-java-maintainers mailing list
pkg-java-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-java-maintainers

Processing of lucene2_2.3.2+ds1-2_i386.changes

2008-08-12 Thread Archive Administrator 
lucene2_2.3.2+ds1-2_i386.changes uploaded successfully to localhost
along with the files:
  lucene2_2.3.2+ds1-2.dsc
  lucene2_2.3.2+ds1.orig.tar.gz
  lucene2_2.3.2+ds1-2.diff.gz
  liblucene2-java_2.3.2+ds1-2_all.deb
  liblucene2-java-doc_2.3.2+ds1-2_all.deb

Greetings,

Your Debian queue daemon

___
pkg-java-maintainers mailing list
pkg-java-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-java-maintainers

lucene2_2.3.2+ds1-2_i386.changes is NEW

2008-08-12 Thread Debian Installer 
(new) liblucene2-java-doc_2.3.2+ds1-2_all.deb optional doc
WARNING: Already present in contrib distribution.
Documentation for Lucene
 Lucene is a full-text search engine for the Java(TM) programming language.
 Lucene is not a complete application, but rather a code library and API
 that can easily be used to add search capabilities to applications.
 This package contains class API documentation for Lucene.
(new) liblucene2-java_2.3.2+ds1-2_all.deb optional text
WARNING: Already present in contrib distribution.
Full-text search engine library for Java(TM)
 Lucene is a full-text search engine for the Java(TM) programming language.
 Lucene is not a complete application, but rather a code library and API
 that can easily be used to add search capabilities to applications.
 .
 In addition to the Lucene core library, the following contributions are
 also included: analyzers ant bdb bdb-je benchmark highlighter lucli
 memory misc queries regex similarity snowball spellchecker surround swing
 wikipedia wordnet xml-query-parser
(new) lucene2_2.3.2+ds1-2.diff.gz optional text
(new) lucene2_2.3.2+ds1-2.dsc optional text
(new) lucene2_2.3.2+ds1.orig.tar.gz optional text
Changes: lucene2 (2.3.2+ds1-2) unstable; urgency=low
 .
  * Use openjdk to build lucene2, move to main (Closes: #488895)
  * Update TODO.Debian to reflect move to openjdk
  * Update README.Debian to reflect inclusion of bdb-je (in 2.3.0+ds1-1)
  * Bump Standards-Version to 3.8.0
  * Update debian/copyright to refer to the text of the Apache license in
/usr/share/common-licenses/
  * Clean up some cruft (failed-unittest-log.txt, KEYS, rules-backup) per
suggestion of Jeff Breidenbach


Override entries for your package:

Announcing to [EMAIL PROTECTED]
Closing bugs: 488895 


Your package contains new components which requires manual editing of
the override file.  It is ok otherwise, so please be patient.  New
packages are usually added to the override file about once a week.

You may have gotten the distribution wrong.  You'll get warnings above
if files already exist in other distributions.

___
pkg-java-maintainers mailing list
pkg-java-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-java-maintainers