Your message dated Fri, 30 Nov 2007 10:17:04 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#448664: fixed in tomcat5.5 5.5.25-2
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: tomcat5.5
Severity: important
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for tomcat5.5.
CVE-2007-5461[0]:
| Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through
| 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14,
| under certain configurations, allows remote authenticated users to
| read arbitrary files via a WebDAV write request that specifies an
| entity with a SYSTEM tag.
If you fix this vulnerability please also include the CVE id
in your changelog entry.
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
pgphpqnVdgjwE.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: tomcat5.5
Source-Version: 5.5.25-2
We believe that the bug you reported is fixed in the latest version of
tomcat5.5, which is due to be installed in the Debian FTP archive:
libtomcat5.5-java_5.5.25-2_all.deb
to pool/main/t/tomcat5.5/libtomcat5.5-java_5.5.25-2_all.deb
tomcat5.5-admin_5.5.25-2_all.deb
to pool/main/t/tomcat5.5/tomcat5.5-admin_5.5.25-2_all.deb
tomcat5.5-webapps_5.5.25-2_all.deb
to pool/main/t/tomcat5.5/tomcat5.5-webapps_5.5.25-2_all.deb
tomcat5.5_5.5.25-2.diff.gz
to pool/main/t/tomcat5.5/tomcat5.5_5.5.25-2.diff.gz
tomcat5.5_5.5.25-2.dsc
to pool/main/t/tomcat5.5/tomcat5.5_5.5.25-2.dsc
tomcat5.5_5.5.25-2_all.deb
to pool/main/t/tomcat5.5/tomcat5.5_5.5.25-2_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Koch <[EMAIL PROTECTED]> (supplier of updated tomcat5.5 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 30 Nov 2007 10:46:33 +0100
Source: tomcat5.5
Binary: libtomcat5.5-java tomcat5.5 tomcat5.5-admin tomcat5.5-webapps
Architecture: source all
Version: 5.5.25-2
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers
<pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Michael Koch <[EMAIL PROTECTED]>
Description:
libtomcat5.5-java - Java Servlet engine -- core libraries
tomcat5.5 - Servlet and JSP engine
tomcat5.5-admin - Java Servlet engine -- admin & manager web interfaces
tomcat5.5-webapps - Java Servlet engine -- documentation and example web
applications
Closes: 448664 452366
Changes:
tomcat5.5 (5.5.25-2) unstable; urgency=high
.
[ Michael Koch ]
CVE-2007-5461:
* Fix absolute path traversal vulnerability. Closes: #448664.
.
[ Marcus Better ]
* Add required commons-io symlink to the admin webapp, which fixes WAR
file uploads. (Closes: #452366)
* debian/control: Use the new Homepage and Vcs-* fields.
* debian/NEWS: Remove outdated entry.
Files:
abab7824bd1a66070e2205d9b037c470 1330 web optional tomcat5.5_5.5.25-2.dsc
7dbc5ca424d9fe25895ce3596f84df8a 31577 web optional tomcat5.5_5.5.25-2.diff.gz
5d8b8ff8ef1ff64cd99e1a26dc4ba366 60928 web optional tomcat5.5_5.5.25-2_all.deb
61c8039e098eb021120da4dea70eff4f 2416538 web optional
libtomcat5.5-java_5.5.25-2_all.deb
5bd4109cca9d3be8ea9c0a45ffe5ecc0 1486354 web optional
tomcat5.5-webapps_5.5.25-2_all.deb
88cf1ff55c9283262f23655545fb2c0c 1135614 web optional
tomcat5.5-admin_5.5.25-2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHT+KFWSOgCCdjSDsRAoZeAJ0cAulaIWrbqb5YZ2DBO79GVDPWvwCginVe
Z2aA65NSY21nGvFebYRgrms=
=ZAd3
-----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________
pkg-java-maintainers mailing list
pkg-java-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-java-maintainers
