*** This bug is a security vulnerability ***
Public security bug reported:
Please sync tomcat6 6.0.35-5 (universe) from Debian unstable (main)
Changelog entries since current quantal version 6.0.35-4:
tomcat6 (6.0.35-5) unstable; urgency=low
* Apply patch to README.Debian to explain setting the HTTPOnly flag
in cookies by default; CVE-2010-4312. (Closes: #608286)
- Thank you to Thijs Kinkhorst for the patch.
* Use ucf and a template for /etc/logrotate.d/tomcat6 file to avoid
updating the shipped conffile. (Closes: #687818)
-- tony mancill <tmanc...@debian.org> Mon, 06 Aug 2012 21:29:11 -0700
** Affects: tomcat6 (Ubuntu)
Importance: Undecided
Status: New
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-4312
** This bug has been flagged as a security vulnerability
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to tomcat6 in Ubuntu.
https://bugs.launchpad.net/bugs/1057111
Title:
Sync tomcat6 6.0.35-5 (universe) from Debian unstable (main)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tomcat6/+bug/1057111/+subscriptions
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
