Your message dated Fri, 10 Dec 2010 07:02:14 +0000
with message-id <e1pqwze-0004q4...@franck.debian.org>
and subject line Bug#606388: fixed in tomcat6 6.0.28-9
has caused the Debian Bug report #606388,
regarding CVE-2010-4172: XSS issues
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
606388: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606388
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: tomcat6
Severity: grave
Tags: security
Please see http://tomcat.apache.org/security-6.html.
Please upload an isolated fix with urgency=medium and ask RMs for
an unblock.
Cheers,
Moritz
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
--- End Message ---
--- Begin Message ---
Source: tomcat6
Source-Version: 6.0.28-9
We believe that the bug you reported is fixed in the latest version of
tomcat6, which is due to be installed in the Debian FTP archive:
libservlet2.5-java-doc_6.0.28-9_all.deb
to main/t/tomcat6/libservlet2.5-java-doc_6.0.28-9_all.deb
libservlet2.5-java_6.0.28-9_all.deb
to main/t/tomcat6/libservlet2.5-java_6.0.28-9_all.deb
libtomcat6-java_6.0.28-9_all.deb
to main/t/tomcat6/libtomcat6-java_6.0.28-9_all.deb
tomcat6-admin_6.0.28-9_all.deb
to main/t/tomcat6/tomcat6-admin_6.0.28-9_all.deb
tomcat6-common_6.0.28-9_all.deb
to main/t/tomcat6/tomcat6-common_6.0.28-9_all.deb
tomcat6-docs_6.0.28-9_all.deb
to main/t/tomcat6/tomcat6-docs_6.0.28-9_all.deb
tomcat6-examples_6.0.28-9_all.deb
to main/t/tomcat6/tomcat6-examples_6.0.28-9_all.deb
tomcat6-user_6.0.28-9_all.deb
to main/t/tomcat6/tomcat6-user_6.0.28-9_all.deb
tomcat6_6.0.28-9.debian.tar.gz
to main/t/tomcat6/tomcat6_6.0.28-9.debian.tar.gz
tomcat6_6.0.28-9.dsc
to main/t/tomcat6/tomcat6_6.0.28-9.dsc
tomcat6_6.0.28-9_all.deb
to main/t/tomcat6/tomcat6_6.0.28-9_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 606...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
tony mancill <tmanc...@debian.org> (supplier of updated tomcat6 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 09 Dec 2010 22:52:08 -0800
Source: tomcat6
Binary: tomcat6-common tomcat6 tomcat6-user libtomcat6-java libservlet2.5-java
libservlet2.5-java-doc tomcat6-admin tomcat6-examples tomcat6-docs
Architecture: source all
Version: 6.0.28-9
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers
<pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: tony mancill <tmanc...@debian.org>
Description:
libservlet2.5-java - Servlet 2.5 and JSP 2.1 Java API classes
libservlet2.5-java-doc - Servlet 2.5 and JSP 2.1 Java API documentation
libtomcat6-java - Servlet and JSP engine -- core libraries
tomcat6 - Servlet and JSP engine
tomcat6-admin - Servlet and JSP engine -- admin web applications
tomcat6-common - Servlet and JSP engine -- common files
tomcat6-docs - Servlet and JSP engine -- documentation
tomcat6-examples - Servlet and JSP engine -- example web applications
tomcat6-user - Servlet and JSP engine -- tools to create user instances
Closes: 606170 606388
Changes:
tomcat6 (6.0.28-9) unstable; urgency=medium
.
* Team upload.
* Update URL for manager application in README.Debian
Thanks to Ernesto Ongaro (Closes: #606170)
* Add patch for CVE-2010-4172. (Closes: #606388)
Checksums-Sha1:
2bf9f3c6e6e391a70d2a54739658c125fc1be379 2257 tomcat6_6.0.28-9.dsc
88f4de4510b89d5871b2cd2d19deef5f42c115fc 41318 tomcat6_6.0.28-9.debian.tar.gz
44b0511a17118fcaa789ebe9e5827507da4778fa 49042 tomcat6-common_6.0.28-9_all.deb
3e69db47dc7f74e29e3fd48d12a5e7cf32bae568 36400 tomcat6_6.0.28-9_all.deb
2913ba4e826837b9f7483c312938cc241d28e368 26818 tomcat6-user_6.0.28-9_all.deb
a42dfb6dcef9525482a7f0e1af0b1ae3d52c53b3 3025554
libtomcat6-java_6.0.28-9_all.deb
0bb5f9776604e094bf1d72a4b66215294eccf1a3 192110
libservlet2.5-java_6.0.28-9_all.deb
12d2526bf06c3fb2497918b380166ef64d4c947c 256072
libservlet2.5-java-doc_6.0.28-9_all.deb
18d54586c98481bff2f9432b132763ccd3e45dcf 43002 tomcat6-admin_6.0.28-9_all.deb
d8f4e9c2c0d35ad9fb3db25b5f21cf8aafd192f1 162440
tomcat6-examples_6.0.28-9_all.deb
2b5140b704c3ce49918c0db8c7c976f269618535 532456 tomcat6-docs_6.0.28-9_all.deb
Checksums-Sha256:
e4e6412ea05d8c362afca845d9562bff676f3a9dec6fccde9819da917ab7b23b 2257
tomcat6_6.0.28-9.dsc
fc78a0d3a44c1a24d9268ac3c4ebd0594d0068d448e71e5e84921a3eca3c9b65 41318
tomcat6_6.0.28-9.debian.tar.gz
e43d45e70c9275ac893f746509a472f516c78a34e833721c985bfcdb992d570e 49042
tomcat6-common_6.0.28-9_all.deb
05a4b3b9c33f77f45d97198e00e77c0b806d5eb45b81adbf53635915c6677b2c 36400
tomcat6_6.0.28-9_all.deb
6a5a8f66e1dd41359b32e68445a92e0ae3aeb0286fde530397a2fe8d7fa1d9fe 26818
tomcat6-user_6.0.28-9_all.deb
b568741cfd02e7e62744eedf8ad276245a3f5694c8207f6af94b187c5129821f 3025554
libtomcat6-java_6.0.28-9_all.deb
b9af6677857a4881396029c8c9c8d673b32d5981f8a9e37bbe51da59240a6cf7 192110
libservlet2.5-java_6.0.28-9_all.deb
a633eec8e801364a8f74e700e8a4e24f2b48d6671193d29af7a29a5b92f1ee30 256072
libservlet2.5-java-doc_6.0.28-9_all.deb
1d32dcadb960b40fbdd249be541960b944041e6b2dc9a3772836de0c495ba73d 43002
tomcat6-admin_6.0.28-9_all.deb
b395067ee9ce84166f79fff54d2610763f1821732218c4c27476172d10df6e90 162440
tomcat6-examples_6.0.28-9_all.deb
f9385c828615ff500332e52dd30dc594874ecbb5b5a8c9755edda39046eb9123 532456
tomcat6-docs_6.0.28-9_all.deb
Files:
f2b676ccbcbbd08eb0ce0ba6141ec587 2257 java optional tomcat6_6.0.28-9.dsc
2132792d8b45797256ff783415af4f99 41318 java optional
tomcat6_6.0.28-9.debian.tar.gz
8baf7364b708c2e01b3066bf05a9d7b1 49042 java optional
tomcat6-common_6.0.28-9_all.deb
f9439124d9f10a6b812ca97b12c01c95 36400 java optional tomcat6_6.0.28-9_all.deb
8c62b2361327ba1af1a852fe23702457 26818 java optional
tomcat6-user_6.0.28-9_all.deb
4ffc1dfdc7aaf51aa49132e63ff86b11 3025554 java optional
libtomcat6-java_6.0.28-9_all.deb
ba52b15aa937d84cb5a0ad2391cdae28 192110 java optional
libservlet2.5-java_6.0.28-9_all.deb
1d2533498bc2c8f50d826bf7c67b776b 256072 doc optional
libservlet2.5-java-doc_6.0.28-9_all.deb
5da821a5141f72195b35f70ae4fbf9b7 43002 java optional
tomcat6-admin_6.0.28-9_all.deb
6fb382ffe6b30e978416ba5aa645be4a 162440 java optional
tomcat6-examples_6.0.28-9_all.deb
4a19e62ff39f946fa2680835b3f9b817 532456 doc optional
tomcat6-docs_6.0.28-9_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQIcBAEBCAAGBQJNAc77AAoJECHSBYmXSz6Wd2YP/3blYkDeA9PK7ss+8+BgpuYe
o1b2CydEEO8FIQZoZALri6rsopolMXYfbB51aqj5MwHecaA17yzQhmdbgQF9wkKe
h+UfgnB7zb9F+g+VQ6rYEuk9oHDiwcgAfGp5tZ2AqmAyBKQdMw6OB3Hv/hRGNp3g
0y/PElwb1Qty6lBDrenJIrfIq7sViS6JXXLX0B5SdeuEQi0HqA5C3Fa0EhQeeYLp
0tOn61OB217N8S6fXoFy5h+6CDSjOqQ26TDGICudN31engE86KyQMRn8SnyInQOr
105LPtavfF9gI/sXcIiVrYZSSn4eYyiNNXAhEdHh8IalLe6ZA90Sn1GT46V2kaGD
sqI2AfmCzFNNcwSKOgJQqwrxoR0sjvWsrQdX9keFm4jwfpQRIW9Au/t1ZKaHp8Nm
oRh8JlJOyM39h8IotW6Ro9HgW5RuH+zTTMTfvRcb4rvgoBTySerLjvLpkLg0VvSf
EEibsiqC8rto2iYN9cthFd1iMj3IcP5hHvli0+wau1+ykkXRO62l4zcwSCdOOWG/
LKJLOIfzHuNrV7tOVA42jouh9meTMLWgG4GzPIiJeEb+Ut8Gk9wWpPbr7Nb8dBzj
9ur1MXc6tYyjnKey1MELWe0SDegnZUZdb8D2YMv+7KjDdVJHhmK4uZHMOTtjOJcI
yYnIwB7yAMt8IPWGbwej
=2Mqy
-----END PGP SIGNATURE-----
--- End Message ---
__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/mailman/listinfo/pkg-java-maintainers>. Please
use
debian-j...@lists.debian.org for discussions and questions.
