tomcat6 (6.0.18-0ubuntu6.2) jaunty-security; urgency=low * SECURITY UPDATE: arbitrary file creation or overwrite from directory traversal via a .. entry in a WAR file. - CVE-2009-2693 * SECURITY UPDATE: authentication bypass via autodeployment process - CVE-2009-2901 * SECURITY UPDATE: work-directory file deletion via directory traversal sequences in a WAR filename. - CVE-2009-2902 - debian/patches/security_CVE-2009-2693_2901_2902.patch: validate file names and paths in java/org/apache/catalina/loader/ {LocalStrings.properties,WebappClassLoader.java}, java/org/apache/catalina/startup/{ContextConfig.java,ExpandWar.java, HostConfig.java,LocalStrings.properties}
Date: Thu, 11 Feb 2010 08:41:39 -0500 Changed-By: Marc Deslauriers <marc.deslauri...@ubuntu.com> Maintainer: Ubuntu Core Developers <ubuntu-devel-disc...@lists.ubuntu.com> https://launchpad.net/ubuntu/jaunty/+source/tomcat6/6.0.18-0ubuntu6.2
Format: 1.8 Date: Thu, 11 Feb 2010 08:41:39 -0500 Source: tomcat6 Binary: tomcat6-common tomcat6 tomcat6-user libtomcat6-java libservlet2.5-java libservlet2.5-java-doc tomcat6-admin tomcat6-examples tomcat6-docs Architecture: source Version: 6.0.18-0ubuntu6.2 Distribution: jaunty-security Urgency: low Maintainer: Ubuntu Core Developers <ubuntu-devel-disc...@lists.ubuntu.com> Changed-By: Marc Deslauriers <marc.deslauri...@ubuntu.com> Description: libservlet2.5-java - Servlet 2.5 and JSP 2.1 Java API classes libservlet2.5-java-doc - Servlet 2.5 and JSP 2.1 Java API documentation libtomcat6-java - Servlet and JSP engine -- core libraries tomcat6 - Servlet and JSP engine tomcat6-admin - Servlet and JSP engine -- admin web applications tomcat6-common - Servlet and JSP engine -- common files tomcat6-docs - Servlet and JSP engine -- example web applications tomcat6-examples - Servlet and JSP engine -- example web applications tomcat6-user - Servlet and JSP engine -- tools to create user instances Changes: tomcat6 (6.0.18-0ubuntu6.2) jaunty-security; urgency=low . * SECURITY UPDATE: arbitrary file creation or overwrite from directory traversal via a .. entry in a WAR file. - CVE-2009-2693 * SECURITY UPDATE: authentication bypass via autodeployment process - CVE-2009-2901 * SECURITY UPDATE: work-directory file deletion via directory traversal sequences in a WAR filename. - CVE-2009-2902 - debian/patches/security_CVE-2009-2693_2901_2902.patch: validate file names and paths in java/org/apache/catalina/loader/ {LocalStrings.properties,WebappClassLoader.java}, java/org/apache/catalina/startup/{ContextConfig.java,ExpandWar.java, HostConfig.java,LocalStrings.properties} Checksums-Sha1: e4759fb02942383153c12608dae7edf985364c7d 1412 tomcat6_6.0.18-0ubuntu6.2.dsc f68e63681e191d561a380dcded16037933c52b32 29144 tomcat6_6.0.18-0ubuntu6.2.diff.gz Checksums-Sha256: c27fd8e67817df4b2c3edcb4bef8a4d228374b90f1879b75dfba7d08e9493376 1412 tomcat6_6.0.18-0ubuntu6.2.dsc cddf0bf3e460128e0fba5617b7b452a4967212ec3271a0596c60c58291ae24c5 29144 tomcat6_6.0.18-0ubuntu6.2.diff.gz Files: 21a10f9c437e9edffb7baae80196a3da 1412 web optional tomcat6_6.0.18-0ubuntu6.2.dsc b204c293225729248eb147a84d120c05 29144 web optional tomcat6_6.0.18-0ubuntu6.2.diff.gz Original-Maintainer: Debian Java Maintainers <pkg-java-maintain...@lists.alioth.debian.org>
-- Jaunty-changes mailing list Jaunty-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/jaunty-changes