Your message dated Sat, 17 Nov 2012 23:32:46 +0000
with message-id <[email protected]>
and subject line Bug#692440: fixed in tomcat6 6.0.35-5+nmu1
has caused the Debian Bug report #692440,
regarding tomcat7: CVE-2012-2733 CVE-2012-3439
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
692440: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692440
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: tomcat7
Severity: grave
Tags: security
Justification: user security hole
Please see http://tomcat.apache.org/security-7.html
Since Wheezy is frozen, please apply isolated security fixes instead
of updating to a new upstream release.
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: tomcat6
Source-Version: 6.0.35-5+nmu1
We believe that the bug you reported is fixed in the latest version of
tomcat6, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Gilbert <[email protected]> (supplier of updated tomcat6 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 17 Nov 2012 23:15:03 +0000
Source: tomcat6
Binary: tomcat6-common tomcat6 tomcat6-user libtomcat6-java libservlet2.4-java
libservlet2.5-java libservlet2.5-java-doc tomcat6-admin tomcat6-examples
tomcat6-docs tomcat6-extras
Architecture: source all
Version: 6.0.35-5+nmu1
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers
<[email protected]>
Changed-By: Michael Gilbert <[email protected]>
Description:
libservlet2.4-java - Transitional package for libservlet2.5-java
libservlet2.5-java - Servlet 2.5 and JSP 2.1 Java API classes
libservlet2.5-java-doc - Servlet 2.5 and JSP 2.1 Java API documentation
libtomcat6-java - Servlet and JSP engine -- core libraries
tomcat6 - Servlet and JSP engine
tomcat6-admin - Servlet and JSP engine -- admin web applications
tomcat6-common - Servlet and JSP engine -- common files
tomcat6-docs - Servlet and JSP engine -- documentation
tomcat6-examples - Servlet and JSP engine -- example web applications
tomcat6-extras - Servlet and JSP engine -- additional components
tomcat6-user - Servlet and JSP engine -- tools to create user instances
Closes: 692440
Changes:
tomcat6 (6.0.35-5+nmu1) unstable; urgency=high
.
* Non-maintainer upload.
* Fix multiple security issues (closes: #692440)
- cve-2012-2733: denial-of-service by triggering out of memory error.
- cve-2012-3439: multiple replay attack issues in digest authentication.
Checksums-Sha1:
c999b2258397afd7c614668339287c3a742baa52 3408 tomcat6_6.0.35-5+nmu1.dsc
64b5618333d0f4e9d2982e28e690763f939ac2d1 49600
tomcat6_6.0.35-5+nmu1.debian.tar.gz
4db2e261a91e6eb69e8676c459ae034702191e28 51662
tomcat6-common_6.0.35-5+nmu1_all.deb
485a0e045d201885a075f49c44529c7330971348 41584 tomcat6_6.0.35-5+nmu1_all.deb
182615095a13162902a9e4a0d52dd7be73a41c7d 31506
tomcat6-user_6.0.35-5+nmu1_all.deb
6f9f9bed0f60f070e3507ce43ca6f05e6b810530 3100996
libtomcat6-java_6.0.35-5+nmu1_all.deb
7f2ce99af1021eb01aa191d98c449f4e517897b3 13344
libservlet2.4-java_6.0.35-5+nmu1_all.deb
118f6e8f3eab3e5d32190430845adcd62697cb28 195594
libservlet2.5-java_6.0.35-5+nmu1_all.deb
aa7e0850d70a6a9986b1ac12c4336a91528af621 256386
libservlet2.5-java-doc_6.0.35-5+nmu1_all.deb
cd36119293b669a8117e195fa8e72b9f280fa767 49606
tomcat6-admin_6.0.35-5+nmu1_all.deb
b8d2103aefa8ab20b84876429c244069caa98f7c 164146
tomcat6-examples_6.0.35-5+nmu1_all.deb
08c6c38331e171365e324956afba25fff9209f9f 566316
tomcat6-docs_6.0.35-5+nmu1_all.deb
b2d0ad7a01b38ce2ffe98729b05d0cb10bf752f5 13552
tomcat6-extras_6.0.35-5+nmu1_all.deb
Checksums-Sha256:
5ea817c206bf824e84d891a9b8469b287463b62fefbb6f906dfb4bae9ca58c23 3408
tomcat6_6.0.35-5+nmu1.dsc
ea2305f6b5876af898593452b3bd7f1edbe1784b52d29bfba80ed1542c32e4a2 49600
tomcat6_6.0.35-5+nmu1.debian.tar.gz
0cd25c1b48c0d7823483dfdb21eaba5a764b00a6540f5b4ea2d37af3ae430c1d 51662
tomcat6-common_6.0.35-5+nmu1_all.deb
19e6d659777b0ddfbb1f1ad2adfe42b064bbdbde465176892f7d1e8eb8e49ce6 41584
tomcat6_6.0.35-5+nmu1_all.deb
ef8ab8abf520b9dac23705a56b6e31414ef5024d60c8f0fd3b92003269bc7ba5 31506
tomcat6-user_6.0.35-5+nmu1_all.deb
941b3c862dc80482c34fbbe7d4b94fb26014b11c4f9639f1918fb6c18f80e623 3100996
libtomcat6-java_6.0.35-5+nmu1_all.deb
e0e44102325552c072b94588232aac961a5c086586a43021941c646d43e011fa 13344
libservlet2.4-java_6.0.35-5+nmu1_all.deb
59913fe059c5ff9d6e088548d3ef27c50c837df4cf5ab6d85dbd3cc5d3902d11 195594
libservlet2.5-java_6.0.35-5+nmu1_all.deb
6dc3dec28b468d701d7918cd927dff6dd94d420af64e0ba8c33e33349b814a75 256386
libservlet2.5-java-doc_6.0.35-5+nmu1_all.deb
459ffdedb8db00808886c8450dbc7a444aaca5e15d9e2083902dd8b1dd4c6bbc 49606
tomcat6-admin_6.0.35-5+nmu1_all.deb
47d20e4c3fe2b66d0c1134ba0a98b9e3617de1fe8aa680c686d9d4080020f92f 164146
tomcat6-examples_6.0.35-5+nmu1_all.deb
8983ef987c2b2f0515f8953fb03b39777c3647032d1941194997212b0a99a1e3 566316
tomcat6-docs_6.0.35-5+nmu1_all.deb
a430264fdc53228af6485ac318c8fa044266eb91f76e42d52ff061fd92ed888a 13552
tomcat6-extras_6.0.35-5+nmu1_all.deb
Files:
53ba62b64f783e1698e36fcffc9bd20d 3408 java optional tomcat6_6.0.35-5+nmu1.dsc
0ab9a062810a3ec8df469befd986b88c 49600 java optional
tomcat6_6.0.35-5+nmu1.debian.tar.gz
2e0e5769627aadf0928f0bc985dc9829 51662 java optional
tomcat6-common_6.0.35-5+nmu1_all.deb
3726e9a6f88b2d3d6e59330d46c6964f 41584 java optional
tomcat6_6.0.35-5+nmu1_all.deb
61034f3c81026a61fe20e4cc9827d39f 31506 java optional
tomcat6-user_6.0.35-5+nmu1_all.deb
82afb975a2b26a6f7d48eebc1058a733 3100996 java optional
libtomcat6-java_6.0.35-5+nmu1_all.deb
5b8540f1bcc5814dc5eccaf33c9b237b 13344 oldlibs extra
libservlet2.4-java_6.0.35-5+nmu1_all.deb
b0fb27ef960099090e77d4e6ab2d6920 195594 java optional
libservlet2.5-java_6.0.35-5+nmu1_all.deb
49ca1df6f7c8023ae3d2f64f919e9a4d 256386 doc optional
libservlet2.5-java-doc_6.0.35-5+nmu1_all.deb
e334b77a771aec7a3db995bedd954608 49606 java optional
tomcat6-admin_6.0.35-5+nmu1_all.deb
f560b710395d499063ac9fc80b08f38b 164146 java optional
tomcat6-examples_6.0.35-5+nmu1_all.deb
78dec13bd13ad5881674054540ed63b5 566316 doc optional
tomcat6-docs_6.0.35-5+nmu1_all.deb
b805038078b7a0aea6c481908dcae292 13552 java optional
tomcat6-extras_6.0.35-5+nmu1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQQcBAEBCAAGBQJQqBvQAAoJELjWss0C1vRzYEEf/AkYUEYi35gHarOaefDjYLYu
+3+cWc9FSpDtX0B07QN56zD/j6vXSf8Ax/HEj9wx8kLMO045VWDXHycWT1SxAkdN
i0rapGWceI57hjW2e26CuT+l8fDyNipbBvQNLLAcGvQFTjaVCktnaLyHItv8/RNU
DK757xscz+nWyOzVpjqyol+faesuvBvGmdfkPTmzz9Sc2t8yxOMNKJgdG5KUaN8b
ZucQwRvUFvqIJQXS57PFSkULW6A9j1LQKsaubeG2q0PZkurfWTmKFdqc6CiZaTtb
7Vocw6A/LIbN/mYSCxeAdRJEUADRX+PLMJZe1DQoinyWfJyIkTvXvGaJB/zsR0Zl
AN3IaAGrmIXrYt8066tnXHxXDYhZyBdGXCG55+2+atGu4y8fK3B9BJ5mM5d+KuVj
/p2qy7NeImlLIFJn/R3iylUJpM4yzxHV1oCNy9isuWM4RwUX1M++C2fA0oiwsxEM
N0ortcnO5MWdk/LjJR7sr6FWE7PH7lTU1AdPqT/rOyR+bO5gVw+AJ7AZPQwv4uXy
Wixajlmcboy+yc9YSEtrX5LMSvO+8lTq/zOGdHlPKmEeuPKbZuD0QV00Mgnwgs3j
hpd+K7i1Fzqr6z5/+8MojNxBtbRi9jBBJa9K2xGlAV28XO5+FAYr0kM5u+fpKE8s
pemd0HF5WGEW/6GoL9qx8PC6mu/vFDubmUDX2c1sx8yMXHQcaCDMLmnmiPF91gEh
fbJTne7g0ceWKQlqANKFRUrR4Vq8KManeSMr3wPrI8OIjC9OUzBrfIeeV3Ea6FK0
SVaQU+AmAgmtpvsw5heTZEfUYaZ1YeZOp3Wt5tPkNx5JLa+5V8E1vqN/LHH7LHJy
kXkxjObdxV8WvwsZLyY9qI13fZPTRXIAPf2riceFBGBUMPst1cB5xVS9t83qVWML
QXGXILzeN+j1flkL1TSTuu+9VmqTyr1VPk/eJLI3S+lgB+d/nqeH4BMu6S5BPXKm
HVFrdpYOIPjb33ZJb9ROLOTDRR/brKQq36oEJqfuf5SPoKFe83IqhjxUbiloIR/L
IGXB41nUzacOoViUGnJLdp7+ah8tEEfWC47bpdsBHhybt+TkBRlx2GUHeWpp6pQq
E8YlwLNWsElI/FVcipItyLKH8YQEsomxwLmUk172LGtO/smpRu6BA9KHF3T9mwub
8aNTI67i0BvDCDR9QDL7La2vr+rERoZCBEkqnKDMNKrZuyfLrXE/o2HvVw0ZSmOH
oI4MDCZC31HBilf0z8Fq6qVmoDRf/l/IhsbH/uvqkduHcGKH7MVchGtZeYBAo2Yk
pCAx+UYHoaeVC4vP5B+Yrr3i1sYZidHyVKdYGcCRwXhQd8Vmduj7eShYY8blKKQ=
=bdLa
-----END PGP SIGNATURE-----
--- End Message ---
