Accepted tomcat 3.3.1a-1 (i386 source all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 27 Jan 2003 10:50:13 +0100
Source: tomcat
Binary: libapache-mod-jk tomcat
Architecture: source all i386
Version: 3.3.1a-1
Distribution: unstable
Urgency: high
Maintainer: Stefan Gybas <sgybas@debian.org>
Changed-By: Stefan Gybas <sgybas@debian.org>
Description:
libapache-mod-jk - Apache connector for Tomcat servlet engine
tomcat - Java Servlet 2.2 engine with JSP 1.1 support
Changes:
tomcat (3.3.1a-1) unstable; urgency=high
.
* New upstream release which fixes two security vulnerabilities:
  + when used with JDK 1.3.1 or earlier, a maliciously crafted request
    could return a directory listing even when an index.html, index.jsp,
    or other welcome file is present. File contents can be returned as well.
  + a malicious web application could read the contents of some files
    outside the web application via its web.xml file in spite of the
    presence of a security manager
* Disable the examples webapp since it contains a cross-site scripting
  vulnerability: examples.war is now installed in
  /usr/share/doc/tomcat/examples
* Standards-Version: 3.5.8 (no changes required)
* Build with the latest Apache version
* Updates README.Debian
Files:
2fdf39c430424aa9a24acc4fa5bbcac7 809 contrib/web optional tomcat_3.3.1a-1.dsc
bebdbb5f9a079c36d5804581bbe6e97f 2155431 contrib/web optional tomcat_3.3.1a.orig.tar.gz
3ec7773187f8cbe29184a3cdc8a7215f 14361 contrib/web optional tomcat_3.3.1a-1.diff.gz
0a79edfd52054a051180be5aa7db999e 1272762 contrib/web optional tomcat_3.3.1a-1_all.deb
01e2226fb8c56668d801e8d9a4af229c 51314 contrib/web optional libapache-mod-jk_3.3.1a-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+NSMwCdoSgNrrJGsRAqz5AJ0ZpaBL3Evpelo7VIhom8rFHNj2PQCglnEH
dvZGjYhDLR0wfdCmmBovZtQ=
=5uv5
-----END PGP SIGNATURE-----
Accepted:
libapache-mod-jk_3.3.1a-1_i386.deb
to pool/contrib/t/tomcat/libapache-mod-jk_3.3.1a-1_i386.deb
tomcat_3.3.1a-1.diff.gz
to pool/contrib/t/tomcat/tomcat_3.3.1a-1.diff.gz
tomcat_3.3.1a-1.dsc
to pool/contrib/t/tomcat/tomcat_3.3.1a-1.dsc
tomcat_3.3.1a-1_all.deb
to pool/contrib/t/tomcat/tomcat_3.3.1a-1_all.deb
tomcat_3.3.1a.orig.tar.gz
to pool/contrib/t/tomcat/tomcat_3.3.1a.orig.tar.gz