This bug was fixed in the package tomcat5.5 - 5.5.26-3ubuntu1
---------------
tomcat5.5 (5.5.26-3ubuntu1) intrepid; urgency=low
* Fix tomcat5.5 Java environment to match status of Java in intrepid:
- control: Moved Java runtime deps to libtomcat5.5-java
- control: Depends on default-jre-headless | java2-runtime-headless
- tomcat5.5.init: Fix JVM list to match java2-runtime-headless
- rules, control: Builds with default-jdk, libecj-java build-dep added
- Fixes LP: #212521, LP: #179447
* tomcat5.5.postinst: Removed superfluous /etc/tomcat5.5/tomcat5.5 linking
* rules, tomcat5.5.init: implement TearDown spec
* tomcat5.5.install: don't install catalina.policy (LP: #112626)
* Fix CVE-2008-1232 cross-site scripting vulnerability (LP: #256926)
* Fix CVE-2008-2370 information disclosure vulnerability (LP: #256922)
* Fix CVE-2008-2938 directory traversal (LP: #256802)
-- Thierry Carrez <[EMAIL PROTECTED]> Wed, 10 Sep 2008
12:00:09 +0200
** Changed in: tomcat5.5 (Ubuntu)
Status: In Progress => Fix Released
--
tomcat <6.0.18: Directory Traversal (CVE-2008-2938)
https://bugs.launchpad.net/bugs/256802
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
