tomcat6_6.0.45-1~deb6u1_i386.changes ACCEPTED into squeeze-lts

Debian FTP Masters ftpmaster at ftp-master.debian.org
Sat Feb 27 15:59:45 UTC 2016



Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 27 Feb 2016 15:47:44 +0100
Source: tomcat6
Binary: tomcat6-common tomcat6 tomcat6-user libtomcat6-java libservlet2.4-java libservlet2.5-java libservlet2.5-java-doc tomcat6-admin tomcat6-examples tomcat6-docs tomcat6-extras
Architecture: source all
Version: 6.0.45-1~deb6u1
Distribution: squeeze-lts
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
Changed-By: Markus Koschany <apo at debian.org>
Description: 
 libservlet2.4-java - Transitional package for libservlet2.5-java
 libservlet2.5-java - Servlet 2.5 and JSP 2.1 Java API classes
 libservlet2.5-java-doc - Servlet 2.5 and JSP 2.1 Java API documentation
 libtomcat6-java - Servlet and JSP engine -- core libraries
 tomcat6    - Servlet and JSP engine
 tomcat6-admin - Servlet and JSP engine -- admin web applications
 tomcat6-common - Servlet and JSP engine -- common files
 tomcat6-docs - Servlet and JSP engine -- documentation
 tomcat6-examples - Servlet and JSP engine -- example web applications
 tomcat6-extras - Servlet and JSP engine -- additional components
 tomcat6-user - Servlet and JSP engine -- tools to create user instances
Changes: 
 tomcat6 (6.0.45-1~deb6u1) squeeze-lts; urgency=high
 .
   * Non-maintainer upload by the Debian LTS team.
   * Backport version 6.0.45 to Squeeze-LTS.
     The full list of changes between 6.0.41 (the version previously available
     in Squeeze-LTS) and 6.0.45 can be seen in the upstream changelog, which is
     available online at http://tomcat.apache.org/tomcat-6.0-doc/changelog.html
   * This update fixes the following security vulnerabilities:
     - CVE-2015-5174: Directory traversal vulnerability in RequestUtil.java.
     - CVE-2015-5345: The Mapper component in Apache Tomcat before 6.0.45
       processes redirects before considering security constraints and Filters.
     - CVE-2016-0706: Apache Tomcat before 6.0.45 does not place
       org.apache.catalina.manager.StatusManagerServlet on the
       org/apache/catalina/core/RestrictedServlets.properties list which allows
       remote authenticated users to bypass intended SecurityManager
       restrictions.
     - CVE-2016-0714: The session-persistence implementation in Apache Tomcat before
       6.0.45 mishandles session attributes, which allows remote authenticated
       users to bypass intended SecurityManager restrictions.
     - CVE-2016-0763: The setGlobalContext method in
       org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat does
       not consider whether ResourceLinkFactory.setGlobalContext callers are
       authorized, which allows remote authenticated users to bypass intended
       SecurityManager restrictions and read or write to arbitrary application
       data, or cause a denial of service (application disruption), via a web
       application that sets a crafted global context.
     - CVE-2015-5351: The Manager and Host Manager applications in
       Apache Tomcat establish sessions and send CSRF tokens for arbitrary new
       requests, which allows remote attackers to bypass a CSRF protection
       mechanism by using a token.
   * Drop the following patches. They were applied upstream.
     - 0011-Fix-for-NoSuchElementException-when-an-attribute-has.patch.
     - CVE-2014-0227.patch.
     - CVE-2014-0230.patch.
     - CVE-2014-7810-1.patch.
     - CVE-2014-7810-2.patch.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

-----END PGP SIGNATURE-----


Thank you for your contribution to Debian.


