Your message dated Fri, 06 Jun 2008 10:47:06 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#484643: fixed in tomcat5.5 5.5.26-3
has caused the Debian Bug report #484643,
regarding CVE-2008-1947: Cross-site scripting (XSS) vulnerability via the name parameter
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
484643: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484643
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: tomcat5.5
Severity: important
Tags: security
Hi,
The following CVE[0] has been issued against tomcat5.5.
CVE-2008-1947:
Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through
5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject
arbitrary web script or HTML via the name parameter (aka the hostname
attribute) to host-manager/html/add.
Some more information may be obtained from this report[1].
Please mention the CVE id in your changelog when you fix this issue.
Cheers
Steffen
[0]: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1947
[1]: http://marc.info/?l=tomcat-user&m=121244319501278&w=2
--- End Message ---
--- Begin Message ---
Source: tomcat5.5
Source-Version: 5.5.26-3
We believe that the bug you reported is fixed in the latest version of
tomcat5.5, which is due to be installed in the Debian FTP archive:
libtomcat5.5-java_5.5.26-3_all.deb
to pool/main/t/tomcat5.5/libtomcat5.5-java_5.5.26-3_all.deb
tomcat5.5-admin_5.5.26-3_all.deb
to pool/main/t/tomcat5.5/tomcat5.5-admin_5.5.26-3_all.deb
tomcat5.5-webapps_5.5.26-3_all.deb
to pool/main/t/tomcat5.5/tomcat5.5-webapps_5.5.26-3_all.deb
tomcat5.5_5.5.26-3.diff.gz
to pool/main/t/tomcat5.5/tomcat5.5_5.5.26-3.diff.gz
tomcat5.5_5.5.26-3.dsc
to pool/main/t/tomcat5.5/tomcat5.5_5.5.26-3.dsc
tomcat5.5_5.5.26-3_all.deb
to pool/main/t/tomcat5.5/tomcat5.5_5.5.26-3_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Koch <[EMAIL PROTECTED]> (supplier of updated tomcat5.5 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 06 Jun 2008 09:34:15 +0200
Source: tomcat5.5
Binary: tomcat5.5 libtomcat5.5-java tomcat5.5-webapps tomcat5.5-admin
Architecture: source all
Version: 5.5.26-3
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers <[EMAIL PROTECTED]>
Changed-By: Michael Koch <[EMAIL PROTECTED]>
Description:
libtomcat5.5-java - Java Servlet engine -- core libraries
tomcat5.5 - Servlet and JSP engine
tomcat5.5-admin - Java Servlet engine -- admin & manager web interfaces
tomcat5.5-webapps - Java Servlet engine -- documentation and example web applications
Closes: 484643
Changes:
tomcat5.5 (5.5.26-3) unstable; urgency=high
.
* CVE-2008-1947: Fix XSS issue in host-manager web application.
Closes: #484643
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkhI6j8ACgkQWSOgCCdjSDvzVQCfSGtcLRysd6sL59KSU0K9/Jmn
4zUAoJ/mhkTNSX6XE4aIMDssk2GOVnxN
=7Ezi
-----END PGP SIGNATURE-----
--- End Message ---
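The CVE text above lists upstream 5.5.26 as affected, while the Debian upload 5.5.26-3 carries the fix, so an inventory check that compares only the upstream version reports a patched host as vulnerable. The following is an added example, not part of the original messages or of any Debian tool; the function names, the simplified version parsing, and the sample inventory are assumptions made for illustration.

```python
import re

# Values taken from the messages above.
UPSTREAM_AFFECTED = ((5, 5, 9), (5, 5, 26))  # CVE-2008-1947 range, 5.5 branch
DEBIAN_FIXED = ((5, 5, 26), 3)               # tomcat5.5 5.5.26-3


def split_version(pkg_version):
    """Return ((major, minor, patch), revision) for 'upstream-revision'.

    Assumptions: no epoch, a numeric x.y.z upstream part, and only the
    leading integer of the Debian revision matters (0 if absent).
    """
    upstream, sep, revision = pkg_version.rpartition("-")
    if not sep:
        upstream, revision = pkg_version, ""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", upstream)
    if not m:
        raise ValueError("unsupported version: %r" % pkg_version)
    rev = re.match(r"\d+", revision)
    return tuple(int(g) for g in m.groups()), int(rev.group()) if rev else 0


def upstream_only_affected(pkg_version):
    """Naive check: compare only the upstream part with the CVE range."""
    parts, _ = split_version(pkg_version)
    low, high = UPSTREAM_AFFECTED
    return low <= parts <= high


def debian_affected(pkg_version):
    """Same range, but honour the Debian revision that carries the fix.

    Assumption: revisions of 5.5.26 before -3 lack the fix; backports to
    older upstream versions are not modelled.
    """
    if not upstream_only_affected(pkg_version):
        return False
    parts, rev = split_version(pkg_version)
    fixed_upstream, fixed_rev = DEBIAN_FIXED
    return not (parts == fixed_upstream and rev >= fixed_rev)


if __name__ == "__main__":
    # Constructed sample inventory, not taken from the page.
    for v in ("5.5.8-1", "5.5.20-2", "5.5.26-2", "5.5.26-3", "5.5.27-1"):
        print(v, upstream_only_affected(v), debian_affected(v))
```

On a real Debian system, `dpkg --compare-versions` implements the full version ordering and should replace the simplified parser used here.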