Your message dated Fri, 30 Nov 2007 10:17:04 +0000 with message-id <[EMAIL PROTECTED]> and subject line Bug#448664: fixed in tomcat5.5 5.5.25-2 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database)
--- Begin Message ---Package: tomcat5.5 Severity: important Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for tomcat5.5. CVE-2007-5461[0]: | Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through | 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, | under certain configurations, allows remote authenticated users to | read arbitrary files via a WebDAV write request that specifies an | entity with a SYSTEM tag. If you fix this vulnerability please also include the CVE id in your changelog entry. For further information: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461 Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.pgphpqnVdgjwE.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---Source: tomcat5.5 Source-Version: 5.5.25-2 We believe that the bug you reported is fixed in the latest version of tomcat5.5, which is due to be installed in the Debian FTP archive: libtomcat5.5-java_5.5.25-2_all.deb to pool/main/t/tomcat5.5/libtomcat5.5-java_5.5.25-2_all.deb tomcat5.5-admin_5.5.25-2_all.deb to pool/main/t/tomcat5.5/tomcat5.5-admin_5.5.25-2_all.deb tomcat5.5-webapps_5.5.25-2_all.deb to pool/main/t/tomcat5.5/tomcat5.5-webapps_5.5.25-2_all.deb tomcat5.5_5.5.25-2.diff.gz to pool/main/t/tomcat5.5/tomcat5.5_5.5.25-2.diff.gz tomcat5.5_5.5.25-2.dsc to pool/main/t/tomcat5.5/tomcat5.5_5.5.25-2.dsc tomcat5.5_5.5.25-2_all.deb to pool/main/t/tomcat5.5/tomcat5.5_5.5.25-2_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Michael Koch <[EMAIL PROTECTED]> (supplier of updated tomcat5.5 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Fri, 30 Nov 2007 10:46:33 +0100 Source: tomcat5.5 Binary: libtomcat5.5-java tomcat5.5 tomcat5.5-admin tomcat5.5-webapps Architecture: source all Version: 5.5.25-2 Distribution: unstable Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Michael Koch <[EMAIL PROTECTED]> Description: libtomcat5.5-java - Java Servlet engine -- core libraries tomcat5.5 - Servlet and JSP engine tomcat5.5-admin - Java Servlet engine -- admin & manager web interfaces tomcat5.5-webapps - Java Servlet engine -- documentation and example web applications Closes: 448664 452366 Changes: tomcat5.5 (5.5.25-2) unstable; urgency=high . [ Michael Koch ] CVE-2007-5461: * Fix absolute path traversal vulnerability. Closes: #448664. . [ Marcus Better ] * Add required commons-io symlink to the admin webapp, which fixes WAR file uploads. (Closes: #452366) * debian/control: Use the new Homepage and Vcs-* fields. * debian/NEWS: Remove outdated entry. Files: abab7824bd1a66070e2205d9b037c470 1330 web optional tomcat5.5_5.5.25-2.dsc 7dbc5ca424d9fe25895ce3596f84df8a 31577 web optional tomcat5.5_5.5.25-2.diff.gz 5d8b8ff8ef1ff64cd99e1a26dc4ba366 60928 web optional tomcat5.5_5.5.25-2_all.deb 61c8039e098eb021120da4dea70eff4f 2416538 web optional libtomcat5.5-java_5.5.25-2_all.deb 5bd4109cca9d3be8ea9c0a45ffe5ecc0 1486354 web optional tomcat5.5-webapps_5.5.25-2_all.deb 88cf1ff55c9283262f23655545fb2c0c 1135614 web optional tomcat5.5-admin_5.5.25-2_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHT+KFWSOgCCdjSDsRAoZeAJ0cAulaIWrbqb5YZ2DBO79GVDPWvwCginVe Z2aA65NSY21nGvFebYRgrms= =ZAd3 -----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________ pkg-java-maintainers mailing list pkg-java-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-java-maintainers