Change log for tomcat5.5 package in Ubuntu
| 1 → 18 of 18 results | First • Previous • Next • Last |
tomcat5.5 (5.5.25-5ubuntu1.3) hardy-security; urgency=low
* SECURITY UPDATE: Apache Tomcat Authentication bypass and information
disclosure (LP: #843701).
- connectors/jk/java/org/apache/coyote/ajp/AjpAprProcessor.java: Prevent AJP
request forgery via unread request body packet - upstream patch from Mark
Thomas
- http://svn.apache.org/viewvc?view=revision&revision=1162960
- CVE-2011-3190
-- James Page <email address hidden> Mon, 26 Sep 2011 11:42:02 +0100
Available diffs
tomcat5.5 (5.5.25-5ubuntu1.2) hardy-proposed; urgency=low
* debian/tomcat5.5.init: Add OpenJDK to the JVM list and stop refusing JREs
so that Tomcat 5.5 starts up correctly with all the java2-runtime providers
in hardy (LP: #179447, LP: #212521)
-- Thierry Carrez <email address hidden> Mon, 22 Sep 2008 10:48:30 +0200
Available diffs
| Deleted in karmic-release (Reason: (From Debian) RoM; superseded by new upstream version) |
| Obsolete in jaunty-release |
tomcat5.5 (5.5.26-5ubuntu1) jaunty; urgency=low * Merge from debian unstable (LP: #298043), remaining changes: - debian/control: add libecj-java builddep to fix FTBFS with default-jdk - debian/rules: Set java source and target version to 1.5 - debian/rules: Don't fail install if Tomcat cannot be started - debian/tomcat5.5.init: Fix JVM list to match java2-runtime-headless providers, and do not refuse using JREs - debian/tomcat5.5.install: Don't install catalina.policy * debian/changelog: Removed duplicate entries * debian/tomcat5.5.init: Added LSB exit codes to status action (LP: #298051) * debian/rules: dropped Ubuntu-specific TearDown implementation which might break LifecycleListener
Available diffs
tomcat5.5 (5.5.26-3ubuntu3) intrepid; urgency=low * Set java source and target version to 1.5 (LP: #264808) -- Thierry Carrez <email address hidden> Mon, 20 Oct 2008 13:47:15 +0200
Available diffs
- diff from 5.5.26-3ubuntu2 to 5.5.26-3ubuntu3 (561 bytes)
| Superseded in intrepid-release |
tomcat5.5 (5.5.26-3ubuntu2) intrepid; urgency=low * Don't fail install if Tomcat cannot be started (LP: #274365, LP: #212536) -- Thierry Carrez <email address hidden> Mon, 29 Sep 2008 15:03:01 +0200
Available diffs
- diff from 5.5.26-3ubuntu1 to 5.5.26-3ubuntu2 (504 bytes)
| Superseded in intrepid-release |
tomcat5.5 (5.5.26-3ubuntu1) intrepid; urgency=low
* Fix tomcat5.5 Java environment to match status of Java in intrepid:
- control: Moved Java runtime deps to libtomcat5.5-java
- control: Depends on default-jre-headless | java2-runtime-headless
- tomcat5.5.init: Fix JVM list to match java2-runtime-headless
- rules, control: Builds with default-jdk, libecj-java build-dep added
- Fixes LP: #212521, LP: #179447
* tomcat5.5.postinst: Removed superfluous /etc/tomcat5.5/tomcat5.5 linking
* rules, tomcat5.5.init: implement TearDown spec
* tomcat5.5.install: don't install catalina.policy (LP: #112626)
* Fix CVE-2008-1232 cross-site scripting vulnerability (LP: #256926)
* Fix CVE-2008-2370 information disclosure vulnerability (LP: #256922)
* Fix CVE-2008-2938 directory traversal (LP: #256802)
-- Thierry Carrez <email address hidden> Wed, 10 Sep 2008 12:00:09 +0200
Available diffs
- diff from 5.5.26-3 to 5.5.26-3ubuntu1 (4.4 KiB)
tomcat5.5 (5.5.25-5ubuntu1.1) hardy-security; urgency=low
* SECURITY UPDATE: Fix information disclosure vulnerability that allowed to
access unauthorized content, fix directory traversal vulnerability that
could on specific configurations lead to the disclosure of sensitive
files, and fix two cross-site-scripting issues that could result in
arbitrary content being injected into the HTTP response.
* Security patches from upstream SVN, applied inline
(LP: #256802, LP: #256922, LP: #256926, LP: #270553)
* References
CVE-2008-1232
CVE-2008-1947
CVE-2008-2370
CVE-2008-2938
-- Thierry Carrez <email address hidden> Mon, 15 Sep 2008 17:13:15 +0200
Available diffs
tomcat5.5 (5.5.26-3) unstable; urgency=high
* CVE-2008-1947: Fix XSS issue in host-manager web application.
Closes: #484643
-- Ubuntu Archive Auto-Sync <email address hidden> Sat, 07 Jun 2008 12:43:41 +0100
Available diffs
- diff from 5.5.26-2 to 5.5.26-3 (816 bytes)
tomcat5.5 (5.5.26-2) unstable; urgency=low
* Fixed bootstrap.MF to put commons-logging-api.jar onto classpath instead
of commons-logging-api-1.1.1.jar. Closes: #477363
-- Ubuntu Archive Auto-Sync <email address hidden> Mon, 02 Jun 2008 15:13:06 +0100
Available diffs
- diff from 5.5.26-1 to 5.5.26-2 (472 bytes)
tomcat5.5 (5.5.26-1) unstable; urgency=low
[ Michael Koch ]
* New upstream release.
- CVE-2007-5333: unauthorized disclosure of information. Closes: #465645
- CVS-2007-6286: handling of empty requests.
* debian/rules: Don't file when files to delete don't exist.
Closes: #458977
* debian/tomcat5.5.init: Change directory to $CATALINA_BASE/temp before
starting the daemon. Patch by David Pashley. Closes: #418826
* debian/tomcat5.5.init: Use 'printf' instead of 'echo -e'.
Closes: #472899
[ Marcus Better ]
* debian/policy/04webapps.policy: Grant read permission to JULI for the
(non-existing) logging.properties file in the example webapps. Closes:
#460839.
-- Onkar Shinde <email address hidden> Thu, 29 May 2008 14:07:58 +0100
Available diffs
- diff from 5.5.25-5ubuntu1 to 5.5.26-1 (205.6 KiB)
tomcat5.5 (5.5.25-5ubuntu1) hardy; urgency=low * Merge from Debian unstable (LP: #153672, LP: #159661, LP: #161882, LP: #173692, LP: #179491), remaining changes: - debian/control: Change the Maintainer address. - debian/rules: Force flag passed to rm to `prune files that should not be installed at all'.
tomcat5.5 (5.5.25-1ubuntu1) gutsy; urgency=low
* Merged from Debian revision 5.5.25-1; remaining Ubuntu changes:
- Modified build-deps.
- Force flag passed to rm to `prune files that should not be
installed at all'.
* This fixes CVE-2007-1355, CVS-2007-2449 and CVE-2007-2450
(LP: #150755).
-- Philipp Kern <email address hidden> Mon, 08 Oct 2007 23:59:20 +0200
| Superseded in gutsy-release |
tomcat5.5 (5.5.20-5ubuntu2) gutsy; urgency=low * Replace the Depends on ecj-bootstrap with ecj. -- Steve Kowalik <email address hidden> Tue, 7 Aug 2007 23:04:03 +1000
| Superseded in gutsy-release |
tomcat5.5 (5.5.20-5ubuntu1) gutsy; urgency=low
* Merge from debian unstable, remaining changes:
- debian/control: Added removed (from debian) build-dep on xsltproc
* debian/control:
- Added Ubuntu MOTU Maintainer, moved old one to XSBC-Original-...
tomcat5.5 (5.5.20-4ubuntu1) feisty; urgency=low
* Merge from debian unstable, remaining changes:
- debian/control: Added removed (from debian) build-dep on xsltproc
| Superseded in feisty-release |
tomcat5.5 (5.5.20-2ubuntu1) feisty; urgency=low
* Merge from debian unstable.
* New Ubuntu changes:
- debian/control: Added removed (from debian) build-dep on xsltproc
- debian/rules: added a -f to a rm command, which fails, when those files
are not there.
tomcat5.5 (5.5.17-1ubuntu1) edgy; urgency=low * (Build-) depend on libmx4j-java (>= 3.0).
tomcat5.5 (5.5.15-1) experimental; urgency=low
* Arnaud Vandyck <email address hidden>:
+ All the work as been done by Wolfgang to have this package in
Debian.
+ The package is now tomcat5.5 and not tomcat5.
+ Now build with gcj instead of kaffe.
+ Put cdbs and debhelper in Build-Depends.
+ Standards-Version updated to 3.7.2.
+ tomcat depends on tomcat-webapps and tomcat-admin, not only suggest
* New major upstream release
+ New source layout - adaptions all over the place
+ Ported all patches to new source layout
+ Added patch (09_UseSystemDBCP.patch) to use system dbcp instead of
repackaged tomcat stuff (naming-factory-dbcp.jar)
+ Drop now unneeded dependencies on libsaxpath-java, libjaxen-java,
libregexp-java from build-dependencies and dependencies
+ Move dependency on libcommons-collections3-java,
libcommons-fileupload-java, libcommons-beanutils-java and
libcommons-digester-java to tomcat5-admin (only needed here)
+ Move libraries around as required by new binary layout (e.g. i18n jars
into own directory)
+ Moved and linked new jars (tomcat-jkstatus-ant.jar, tomcat-juli.jar)
+ Updated 03catalina.policy to include tomcat-juli.jar, remove launcher.jar
+ Install ant task definitions with libtomcat5-java
* Remove JDK 1.3 directories from JDK_DIRS in tomcat.init (not supported)
* Updated tomcat.default to remove JDK 1.3 options
* Updated description to include host-manager, fixed URLs
* Minor updates in README.Debian
| 1 → 18 of 18 results | First • Previous • Next • Last |
