Change logs for tomcat6 source package in Karmic

  • tomcat6 (6.0.20-2ubuntu2.4) karmic-security; urgency=low
    
      * SECURITY UPDATE: directory traversal via incorrect ServletContext
        attribute (LP: #717396)
        - debian/patches/0012-CVE-2010-3718.patch: mark as read only in
          java/org/apache/catalina/core/StandardContext.java.
        - CVE-2010-3718
      * SECURITY UPDATE: cross-site scripting in HTML Manager interface
        - debian/patches/0013-CVE-2011-0013.patch: properly filter values in
          java/org/apache/catalina/manager/{HTMLManagerServlet.java,
          StatusTransformer.java}.
        - CVE-2011-0013
      * SECURITY UPDATE: denial of service via NIO HTTP connector
        (LP: #714239, LP: #717396)
        - debian/patches/0014-CVE-2011-0534.patch: enforce proper size in
          java/org/apache/coyote/http11/InternalNioInputBuffer.java.
        - CVE-2011-0534
     -- Marc Deslauriers <email address hidden>   Thu, 24 Mar 2011 13:58:06 -0400
  • tomcat6 (6.0.20-2ubuntu2.3) karmic-security; urgency=low
    
      * SECURITY UPDATE: cross-site scripting in Manager application
        - debian/patches/0011-CVE-2010-4172.patch: add proper escaping to
          java/org/apache/catalina/manager/JspHelper.java,
          webapps/manager/{sessionDetail,sessionsList}.jsp.
        - patch backported from Debian 6.0.28-9 package
        - CVE-2010-4172
     -- Marc Deslauriers <email address hidden>   Thu, 13 Jan 2011 15:52:00 -0600
  • tomcat6 (6.0.20-2ubuntu2.2) karmic-security; urgency=low
    
      * SECURITY UPDATE: denial of service and possible information disclosure
        via crafted header
        - debian/patches/CVE-2010-2227.patch: fix filter logic in
          java/org/apache/coyote/http11/{Http11AprProcessor,Http11NioProcessor,
          Http11Processor,filters/BufferedInputFilter}.java.
        - CVE-2010-2227
     -- Marc Deslauriers <email address hidden>   Thu, 19 Aug 2010 11:02:58 -0400
  • tomcat6 (6.0.20-2ubuntu2.1) karmic-security; urgency=low
    
      * SECURITY UPDATE: arbitrary file creation or overwrite from directory
        traversal via a .. entry in a WAR file.
        - CVE-2009-2693
      * SECURITY UPDATE: authentication bypass via autodeployment process
        - CVE-2009-2901
      * SECURITY UPDATE: work-directory file deletion via directory traversal
        sequences in a WAR filename.
        - CVE-2009-2902
        - debian/patches/security_CVE-2009-2693_2901_2902.patch: validate file
          names and paths in java/org/apache/catalina/loader/
          {LocalStrings.properties,WebappClassLoader.java},
          java/org/apache/catalina/startup/{ContextConfig.java,ExpandWar.java,
          HostConfig.java,LocalStrings.properties}
     -- Marc Deslauriers <email address hidden>   Wed, 10 Feb 2010 15:46:14 -0500
  • tomcat6 (6.0.20-2ubuntu2) karmic; urgency=low
    
      * Add maven POMs for libservlet2.5-java. LP: #454822.
      * debian/policy/02debian.policy: grant access to
        /usr/share/maven-repo/ as it is a valid source of Debian JARs.
    
     -- Matthias Klose <email address hidden>   Sun, 25 Oct 2009 17:00:31 +0100
  • tomcat6 (6.0.20-2ubuntu1) karmic; urgency=low
    
      * Merge from debian unstable (LP: #391018); remaining changes:
        - debian/control, debian/rules: Use default-jdk to build
        - debian/control: Run using default-jre-headless by default
    
    tomcat6 (6.0.20-2) unstable; urgency=low
    
      * Expose tomcat-juli.jar as a library in /usr/share/java
        as it is a dependency of jasper which is used also by jetty
    
     -- Iulian Udrea <email address hidden>   Tue, 23 Jun 2009 05:10:21 +0100
  • tomcat6 (6.0.20-1ubuntu1) karmic; urgency=low
    
      [ Iulian Udrea ]
      * Merge from debian unstable (LP: #385262), remaining changes:
        - debian/control, debian/rules: Use default-jdk to build
        - debian/control: Run using default-jre-headless by default
    
    tomcat6 (6.0.20-1) unstable; urgency=low
    
      * new upstream release (Closes: #531873)
      * Remove patch tcnative-ipv6-fix-43327.patch that has been applied upstream.
      * Refresh other patches.
    
    tomcat6 (6.0.18-dfsg1-1) unstable; urgency=low
    
      [ Torsten Werner ]
      * Remove jstl.jar and standard.jar from orig tarball because it comes without
        source code. (Closes: #528119)
    
      [ Marcus Better ]
      * Let the init script exit silently if the package is
        uninstalled. (Closes: #529301)
    
    tomcat6 (6.0.18-4) unstable; urgency=low
    
      * Add patch tcnative-ipv6-fix-43327.patch provided by Thierry Carrez.
        (Closes: #527033)
      * Change Section: java (from web).
      * Bump up Standards-Version: 3.8.1 (no changes).
      * Remove redundant Depends: ant because we depend on ant-optional.
    
     -- Mathias Gug <email address hidden>   Tue, 09 Jun 2009 12:35:19 -0400
  • tomcat6 (6.0.18-3ubuntu1) karmic; urgency=low
    
      * Merge from debian unstable (LP: #371728), remaining changes:
        - debian/control, debian/rules: Use default-jdk to build
        - debian/control: Run using default-jre-headless by default
        - debian/patches/tcnative-ipv6-fix-43327.patch to fix incompatibility
          between libtcnative-1 and ipv6
    
    tomcat6 (6.0.18-3) unstable; urgency=low
    
      * Remove unneeded dirs and symlinks; thanks to Thierry Carrez. (Closes:
        #517857)
      * Improve the long description of all binary packages. (Closes: #518140)
    
    tomcat6 (6.0.18-2) unstable; urgency=low
    
      * upload to unstable
    
    tomcat6 (6.0.18-1) experimental; urgency=low
    
      * Merge changes from Ubuntu. Thanks to the Ubuntu developers we are shipping
        a full Tomcat 6.0 server stack now. (Closes: #494674)
      * Add myself to Uploaders.
      * Switch to openjdk-6 which is not the default in Debian.
    
     -- Thierry Carrez <email address hidden>   Mon, 04 May 2009 17:53:42 +0200
  • tomcat6 (6.0.18-0ubuntu6) jaunty; urgency=low
    
      * Added debian/patches/tcnative-ipv6-fix-43327.patch to fix incompatibility
        between libtcnative-1 and ipv6 (fixes LP: #287645)
      * No longer create confusing /var/lib/tomcat6/lib or lib subdirectory in
        private instances, since they are ignored (LP: #324212)
    
     -- Thierry Carrez <email address hidden>   Mon, 23 Feb 2009 10:16:37 +0000