[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

testers wanted: tomcat6 packages


http://layer-acht.org/tomcat6/ has updated tomcat6 6.0.41-2+squeeze5 packages 
for amd64, I'd be glad to see more testing. I'll add i386 .debs shortly.

Closes: 299635 608286 654136 659748 664072 665393 666256 668761 671373 677912 
682955 687818 692440 695250 713796 717279

 tomcat6 (6.0.41-2+squeeze5) squeeze-lts; urgency=medium
   * Security upload by the Debian LTS team.
   * The full list of changes between 6.0.35 (the version previously available
     in squeeze) and 6.0.41 can be see in the upstream changelog, which is
     available online at http://tomcat.apache.org/tomcat-6.0-
   * This update fixes the following security issues:
     - CVE-2014-0033: prevent remote attackers from conducting session
       fixation attacks via crafted URLs.
     - CVE-2013-4590: prevent "Tomcat internals" information leaks.
     - CVE-2013-4322: prevent remote attackers from doing denial of service
     - CVE-2013-4286: reject requests with multiple content-length headers or
       with a content-length header when chunked encoding is being used.
     - Avoid CVE-2013-1571 when generating Javadoc.
     - CVE-2012-3439: various improvements to the DIGEST authenticator.
   * Thanks to Tony Mancill for doing the vast amount of the work for this
   * Downgrade debian/compat to 8 and reduce build-dependency do debhelper 8
     to match the squeeze squeeze version


Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to: