[Bug 1115053] Re: Parameter Handling Denial of Service in Oneiric
Just to make it easier, please add any extra CVEs for tomcat7 to this bug and create a separate bug for tomcat6. I'll adjust the summary and description. As for CVE-2012-2733, there is no upstream fix that I am aware of, so feel free to skip it (unless you find a patch for it-- if so, please let us know :).

** Also affects: tomcat7 (Ubuntu Oneiric)
   Importance: Undecided
       Status: New

** Also affects: tomcat7 (Ubuntu Precise)
   Importance: Undecided
       Status: New

** Also affects: tomcat7 (Ubuntu Raring)
   Importance: Undecided
       Status: New

** Also affects: tomcat7 (Ubuntu Quantal)
   Importance: Undecided
       Status: New

** Changed in: tomcat7 (Ubuntu Raring)
       Status: New => Fix Released

** Changed in: tomcat7 (Ubuntu Quantal)
       Status: New => Fix Released

** Changed in: tomcat7 (Ubuntu Precise)
       Status: New => Triaged

** Changed in: tomcat7 (Ubuntu Oneiric)
       Status: New => Triaged

** Summary changed:
- Parameter Handling Denial of Service in Oneiric
+ Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10

--
You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat7 in Ubuntu.
https://bugs.launchpad.net/bugs/1115053

Title:
  Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tomcat7/+bug/1115053/+subscriptions

--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1115053] Re: Parameter Handling Denial of Service in Oneiric
Here is an updated debdiff with all the fixes.

Please note:
CVE-2011-4858 is resolved through patch for CVE-2012-0022.
CVE-2012-5568 is seen as a non-issue for tomcat (see http://tomcat.apache.org/security-7.html#Not_a_vulnerability_in_Tomcat)

Is the formatting of the changelog okay like this?

** Patch added: lp1115053-oneiric-2.debdiff
   https://bugs.launchpad.net/ubuntu/+source/tomcat7/+bug/1115053/+attachment/3523657/+files/lp1115053-oneiric-2.debdiff

** Changed in: tomcat7 (Ubuntu)
       Status: Incomplete => New
[Bug 1115053] Re: Parameter Handling Denial of Service in Oneiric
From CVE-2012-2733 on, Precise is affected too. Should I create a new bug for it or add a future debdiff here?

Also, some CVEs affect tomcat6 as well. Same question: new bug or add here?
[Bug 1115053] Re: Parameter Handling Denial of Service in Oneiric
Unsubscribing ubuntu-security-sponsors for now, please re-subscribe when a new debdiff is available. Thanks!
[Bug 1115053] Re: Parameter Handling Denial of Service in Oneiric
tomcat7 in oneiric is vulnerable to the following CVEs:

CVE-2011-3375
CVE-2011-3376
CVE-2011-4858
CVE-2012-0022
CVE-2012-2733
CVE-2012-3546
CVE-2012-4431
CVE-2012-4534
CVE-2012-5568
CVE-2012-5885
CVE-2012-5886
CVE-2012-5887

See the CVE tracker for more information:
http://people.canonical.com/~ubuntu-security/cve/pkg/tomcat7.html

Do you think you could prepare a debdiff that fixes all those issues, instead of just the single one?

Thanks!

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-3375
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-3376
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-4858
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-2733
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-3546
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-4431
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-4534
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-5568
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-5885
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-5886
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-5887

** Changed in: tomcat7 (Ubuntu)
       Status: Confirmed => Incomplete
[Bug 1115053] Re: Parameter Handling Denial of Service in Oneiric
Yeah, I will look that I can prepare one debdiff with all the fixes.
[Bug 1115053] Re: Parameter Handling Denial of Service in Oneiric
** Patch added: lp1115053-oneiric.debdiff
   https://bugs.launchpad.net/ubuntu/+source/tomcat7/+bug/1115053/+attachment/3514213/+files/lp1115053-oneiric.debdiff

** Changed in: tomcat7 (Ubuntu)
       Status: New => Confirmed