This bug was fixed in the package tomcat7 - 7.0.21-1ubuntu0.1 --------------- tomcat7 (7.0.21-1ubuntu0.1) oneiric-security; urgency=low
[Christian Kuersteiner] * SECURITY UPDATE: Fix multiple vulnerabilities in Tomcat7 (LP: #1115053) - debian/patches/CVE-2012-0022.patch: Fix for Denial of service. Based on upstream patch. - CVE-2012-0022, CVE-2011-4858 - debian/patches/CVE-2011-3375.patch: Fix for information disclosure. Based on upstream patch. - CVE-2011-3375 - debian/patches/CVE-2011-3376.patch: Fix for privilege escalation. Based on upstream patch. - CVE-2011-3376 - debian/patches/CVE-2012-2733.patch: Fix for Apache Tomcat Denial of Service. Based on upstream patch. - CVE-2012-2733 - debian/patches/CVE-2012-3546.patch: Fix for bypass of security constraints. Based on upstream patch. - CVE-2012-3546 - debian/patches/CVE-2012-4431.patch: Fix for bypass of CSRF prevention filter. Based on upstream patch. - CVE-2012-4431 - debian/patches/CVE-2012-4534.patch: Fix for CVE-2012-4534 Denial of Service Vulnerability. Based on upstream patch. - CVE-2012-4534 - debian/patches/CVE-2012-3439.patch: Fix for DIGEST authentication weaknesses. Based on upstream patch. - CVE-2012-3439, CVE-2012-5885, CVE-2012-5886, 2012-5887 [ Jamie Strandboge ] * allow for easily running the testsuite: - debian/control: add testsuite build-depends - debian/rules: + add 'testsuite' target + add ANT_TS_ARGS for use in the testsuite target + cleanup the testsuite - add debian/README.source for information on how to use the testsuite -- Christian Kuersteiner <ckuer...@gmx.ch> Fri, 15 Mar 2013 15:40:27 -0700 ** Changed in: tomcat7 (Ubuntu Oneiric) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to tomcat7 in Ubuntu. https://bugs.launchpad.net/bugs/1115053 Title: Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tomcat7/+bug/1115053/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs