This bug was fixed in the package tomcat5.5 - 5.5.25-5ubuntu1 --------------- tomcat5.5 (5.5.25-5ubuntu1) hardy; urgency=low
* Merge from Debian unstable (LP: #153672, LP: #159661, LP: #161882, LP: #173692, LP: #179491), remaining changes: - debian/control: Change the Maintainer address. - debian/rules: Force flag passed to rm to `prune files that should not be installed at all'. tomcat5.5 (5.5.25-5) unstable; urgency=low * debian/tomcat5.5.init: Check if tomcat-users.xml exists. Thanks to Javier Serrano Polo for the patch. Closes: #445857. * debian/tomcat5.5-webapps.postrm: Purge links created in postinst script. Closes: #453879. * debian/tomcat5.5-admin.links: Fix symlink for commons-io.jar. Closes: #452366. * debian/tomcat5.5.init: Check user id of the user running the init script. Closes: #457956. * Renamed /etc/cron.daily/tomcat5.5 to /etc/cron.daily/tomcat55. Closes: #454296. * debian/tomcat5.5.init: source /etc/default/locale and export LANG so tomcat gets started with system locale. Originally reported to https://bugs.launchpad.net/ubuntu/+source/tomcat5.5/+bug/153672. tomcat5.5 (5.5.25-4) unstable; urgency=high * CVE-2007-5342: Fix unauthorized modification of data because of too open permissions. Closes: #458237. * Always clean temporary directory on startup. Closes: #456608. tomcat5.5 (5.5.25-3) unstable; urgency=low * debian/libtomcat5.5-java.links: Removed links for xml-apis.jar and xercesImpl.jar. Closes: #443382, #455495. * Added libgnumail-java to Build-Depends. Closes: #454312. * Updated Standards-Version to 3.7.3. tomcat5.5 (5.5.25-2) unstable; urgency=high [ Michael Koch ] CVE-2007-5461: * Fix absolute path traversal vulnerability. Closes: #448664. [ Marcus Better ] * Add required commons-io symlink to the admin webapp, which fixes WAR file uploads. (Closes: #452366) * debian/control: Use the new Homepage and Vcs-* fields. * debian/NEWS: Remove outdated entry. -- Matti Lindell <[EMAIL PROTECTED]> Thu, 03 Jan 2008 20:30:59 +0200 ** Changed in: tomcat5.5 (Ubuntu) Status: New => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-5342 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-5461 -- Tomcat 5.5 startup script fail if temp directory contains subdirectories https://bugs.launchpad.net/bugs/161882 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs