** Attachment added: "Proposed merge of tomcat5.5 (5.5.25-4)" http://launchpadlibrarian.net/11100730/debdiff.txt
** Description changed: Binary package hint: tomcat5.5 Please consider merging tomcat5.5 from Debian unstable as it contains fixes for several CVE's and important packaging fixes. Ubuntu changes that can be dropped: - Build-depends on xsltproc: tomcat5.5 package used to build documentation using xsltproc, but is now using Xalan-Java (libxalan2-java). I reckon the build dependency was unnecessarily carried around during merges as Debian stopped using it since 5.5.20-2 (related patches were dropped as well). It's not used in build process and the documentation looks the same with or without it. (http://www.mail-archive.com/[EMAIL PROTECTED]/msg11269.html and Debian 5.5.20-2 changelog entry). New Ubuntu changes are bugfixes, forwarded as: * Opened http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=458411 * Reopened http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=452366 - New Debian version also fixes #173692 and #161882. + New Debian version also fixes Bug #173692 and Bug #161882. ** Description changed: Binary package hint: tomcat5.5 Please consider merging tomcat5.5 from Debian unstable as it contains fixes for several CVE's and important packaging fixes. Ubuntu changes that can be dropped: - Build-depends on xsltproc: tomcat5.5 package used to build documentation using xsltproc, but is now using Xalan-Java (libxalan2-java). I reckon the build dependency was unnecessarily carried around during merges as Debian stopped using it since 5.5.20-2 (related patches were dropped as well). It's not used in build process and the documentation looks the same with or without it. (http://www.mail-archive.com/[EMAIL PROTECTED]/msg11269.html and Debian 5.5.20-2 changelog entry). New Ubuntu changes are bugfixes, forwarded as: * Opened http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=458411 * Reopened http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=452366 New Debian version also fixes Bug #173692 and Bug #161882. + + New Debian changes: + + tomcat5.5 (5.5.25-4) unstable; urgency=high + + * CVE-2007-5342: Fix unauthorized modification of data because of + too open permissions. Closes: #458237. + * Always clean temporary directory on startup. Closes: #456608. + + -- Michael Koch <[EMAIL PROTECTED]> Sat, 29 Dec 2007 20:15:40 +0100 + + tomcat5.5 (5.5.25-3) unstable; urgency=low + + * debian/libtomcat5.5-java.links: Removed links for xml-apis.jar and + xercesImpl.jar. Closes: #443382, #455495. + * Added libgnumail-java to Build-Depends. Closes: #454312. + * Updated Standards-Version to 3.7.3. + + -- Michael Koch <[EMAIL PROTECTED]> Thu, 13 Dec 2007 22:15:18 +0100 + + tomcat5.5 (5.5.25-2) unstable; urgency=high + + [ Michael Koch ] + CVE-2007-5461: + * Fix absolute path traversal vulnerability. Closes: #448664. + + [ Marcus Better ] + * Add required commons-io symlink to the admin webapp, which fixes WAR + file uploads. (Closes: #452366) + * debian/control: Use the new Homepage and Vcs-* fields. + * debian/NEWS: Remove outdated entry. + + -- Michael Koch <[EMAIL PROTECTED]> Fri, 30 Nov 2007 10:46:33 +0100 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-5342 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-5461 -- please merge tomcat5.5 (5.5.25-4) from Debian unstable (main) https://bugs.launchpad.net/bugs/179491 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs