
Accepted tomcat 3.3a-4woody1 (i386 source all)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 26 Jan 2003 15:50:42 +0100
Source: tomcat
Binary: libapache-mod-jk tomcat
Architecture: source i386 all
Version: 3.3a-4woody1
Distribution: stable-security
Urgency: high
Maintainer: Stefan Gybas <sgybas@debian.org>
Changed-By: Stefan Gybas <sgybas@debian.org>
Description: 
 libapache-mod-jk - Apache connector for Tomcat servlet engine
 tomcat     - Java Servlet 2.2 engine with JSP 1.1 support
Changes: 
 tomcat (3.3a-4woody1) unstable; urgency=high
 .
   * Include two security fixes from the Tomcat 3.3.1a release:
     + when used with JDK 1.3.1 or earlier, a maliciously crafted request
       could return a directory listing even when an index.html, index.jsp,
       or other welcome file is present. File contents can be returned as well.
     + a malicious web application could read the contents of some files
       outside the web application via its web.xml file in spite of the
       presence of a security manager
   * Disable the examples webapp since it contains a cross site scripting
     vulnerability: examples.war is now installed in
     /usr/share/doc/tomcat/examples
Files: 
 1c34b1fdedf90ea10531ed12a8c6ae0b 714 contrib/web optional tomcat_3.3a-4woody1.dsc
 c58c7edd2df1a806b510068ab7a9a04f 15146 contrib/web optional tomcat_3.3a-4woody1.diff.gz
 2df39325c7293ee11ae5547281ca1077 2087545 contrib/web optional tomcat_3.3a.orig.tar.gz
 1ed6efa36586a8a3d3b527aeebbc4531 1196810 contrib/web optional tomcat_3.3a-4woody1_all.deb
 1e11d6a43654fc6d921c8bc90ad15b4b 51522 contrib/web optional libapache-mod-jk_3.3a-4woody1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+NRJXW5ql+IAeqTIRAu1BAKCPZB8Ayw+MEnZmCoI1VBhtgk55CgCgq1Rq
AE0QM0EywRUdreL21xKXSIM=
=n1l+
-----END PGP SIGNATURE-----


Accepted:
libapache-mod-jk_3.3a-4woody1_i386.deb
  to pool/contrib/t/tomcat/libapache-mod-jk_3.3a-4woody1_i386.deb
tomcat_3.3a-4woody1.diff.gz
  to pool/contrib/t/tomcat/tomcat_3.3a-4woody1.diff.gz
tomcat_3.3a-4woody1.dsc
  to pool/contrib/t/tomcat/tomcat_3.3a-4woody1.dsc
tomcat_3.3a-4woody1_all.deb
  to pool/contrib/t/tomcat/tomcat_3.3a-4woody1_all.deb


