Accepted tomcat 3.3a-4woody1 (i386 source all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 26 Jan 2003 15:50:42 +0100
Source: tomcat
Binary: libapache-mod-jk tomcat
Architecture: source i386 all
Version: 3.3a-4woody1
Distribution: stable-security
Urgency: high
Maintainer: Stefan Gybas <sgybas@debian.org>
Changed-By: Stefan Gybas <sgybas@debian.org>
Description:
libapache-mod-jk - Apache connector for Tomcat servlet engine
tomcat - Java Servlet 2.2 engine with JSP 1.1 support
Changes:
 tomcat (3.3a-4woody1) unstable; urgency=high
 .
   * Include two security fixes from the Tomcat 3.3.1a release:
     + when used with JDK 1.3.1 or earlier, a maliciously crafted request
       could return a directory listing even when an index.html, index.jsp,
       or other welcome file is present. File contents can be returned as well.
     + a malicious web application could read the contents of some files
       outside the web application via its web.xml file in spite of the
       presence of a security manager
   * Disable the examples webapp since it contains a cross site scripting
     vulnerability: examples.war is now installed in
     /usr/share/doc/tomcat/examples
Files:
1c34b1fdedf90ea10531ed12a8c6ae0b 714 contrib/web optional tomcat_3.3a-4woody1.dsc
c58c7edd2df1a806b510068ab7a9a04f 15146 contrib/web optional tomcat_3.3a-4woody1.diff.gz
2df39325c7293ee11ae5547281ca1077 2087545 contrib/web optional tomcat_3.3a.orig.tar.gz
1ed6efa36586a8a3d3b527aeebbc4531 1196810 contrib/web optional tomcat_3.3a-4woody1_all.deb
1e11d6a43654fc6d921c8bc90ad15b4b 51522 contrib/web optional libapache-mod-jk_3.3a-4woody1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+NRJXW5ql+IAeqTIRAu1BAKCPZB8Ayw+MEnZmCoI1VBhtgk55CgCgq1Rq
AE0QM0EywRUdreL21xKXSIM=
=n1l+
-----END PGP SIGNATURE-----
Accepted:
libapache-mod-jk_3.3a-4woody1_i386.deb
  to pool/contrib/t/tomcat/libapache-mod-jk_3.3a-4woody1_i386.deb
tomcat_3.3a-4woody1.diff.gz
  to pool/contrib/t/tomcat/tomcat_3.3a-4woody1.diff.gz
tomcat_3.3a-4woody1.dsc
  to pool/contrib/t/tomcat/tomcat_3.3a-4woody1.dsc
tomcat_3.3a-4woody1_all.deb
  to pool/contrib/t/tomcat/tomcat_3.3a-4woody1_all.deb