UbuntuUpdates.org

Package "tomcat7"

Name: tomcat7

Description: Servlet and JSP engine

Latest version: 7.0.26-1ubuntu1.2
Release: precise (12.04)
Level: updates
Repository: universe
Homepage: http://tomcat.apache.org

Other versions of "tomcat7" in Precise

Repository Area Version
base universe 7.0.26-1ubuntu1
security universe 7.0.26-1ubuntu1.2

Changelog

Version: 7.0.26-1ubuntu1.2 2013-04-01 22:06:37 UTC

  tomcat7 (7.0.26-1ubuntu1.2) precise-security; urgency=low

  [Christian Kuersteiner]
  * SECURITY UPDATE: Fix multiple vulnerabilities in Tomcat7
    (LP: #1115053)
    - debian/patches/0013-CVE-2012-2733.patch: Fix for Apache Tomcat Denial of
      Service. Based on upstream patch.
    - CVE-2012-2733
    - debian/patches/0014-CVE-2012-3546.patch: Fix for bypass of security
      constraints. Based on upstream patch.
    - CVE-2012-3546
    - debian/patches/0015-CVE-2012-4431.patch: Fix for bypass of CSRF prevention
      filter. Based on upstream patch.
    - CVE-2012-4431
    - debian/patches/0016-CVE-2012-4534.patch: Fix for CVE-2012-4534 Denial of
      Service Vulnerability. Based on upstream patch.
    - CVE-2012-4534
    - debian/patches/CVE-2012-3439.patch: Fix for DIGEST authentication
      weaknesses. Based on upstream patch.
    - CVE-2012-3439, CVE-2012-5885, CVE-2012-5886, 2012-5887

  [ Jamie Strandboge ]
  * allow for easily running the testsuite:
    - debian/control: add testsuite build-depends
    - debian/rules:
      + add 'testsuite' target
      + add ANT_TS_ARGS for use in the testsuite target
      + cleanup the testsuite
    - add debian/README.source for information on how to use the testsuite
 -- Christian Kuersteiner <email address hidden> Tue, 19 Mar 2013 14:48:19 +0100

1115053 Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10
CVE-2012-2733 java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not
CVE-2012-3546 org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote at
CVE-2012-4431 org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the
CVE-2012-4534 org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction w
CVE-2012-3439 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-5885, CVE-2012-5886, CVE-2012-5887. Reason: This candidate is a duplicate of C
CVE-2012-5885 The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.
CVE-2012-5886 The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches informatio

Version: 7.0.26-1ubuntu1.1 2012-07-26 18:06:53 UTC

  tomcat7 (7.0.26-1ubuntu1.1) precise-proposed; urgency=low

  * Fix handling of JNDI lookups using javax.naming.Name (LP: #1012794):
    - d/patches/0012-lp-1012794-fix-jndi-lookup.patch: Cherry picked patch
      from upstream VCS which ensures that JNDI lookups that use Name
      rather than String don't fail.
 -- James Page <email address hidden> Thu, 12 Jul 2012 21:52:17 +0100

1012794 [SRU] DataSource JNDI lookup with javax.naming.Name failed


