CVE-2010-1157

Related Vulnerabilities: CVE-2010-1157  

Debian Bug report logs - #587447
CVE-2010-1157


Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Mon, 28 Jun 2010 17:36:02 UTC

Severity: important

Tags: security

Fixed in version tomcat6/6.0.26-5

Done: Torsten Werner <twerner@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#587447; Package tomcat6. (Mon, 28 Jun 2010 17:36:04 GMT).


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>. (Mon, 28 Jun 2010 17:36:05 GMT).


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2010-1157
Date: Mon, 28 Jun 2010 19:32:52 +0200
Package: tomcat6
Severity: important
Tags: security

Dear Tomcat maintainers,

AFAICS CVE-2010-1157 is still unfixed in sid:
http://tomcat.apache.org/security-6.html

We don't need to update Lenny, since the security impact
is marginal. If you want to have it fixed in stable, you
can still fix it through a point update.

Cheers,
        Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash




Reply sent to Torsten Werner <twerner@debian.org>:
You have taken responsibility. (Mon, 28 Jun 2010 22:18:34 GMT).


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Mon, 28 Jun 2010 22:18:34 GMT).


Message #10 received at 587447-close@bugs.debian.org:

From: Torsten Werner <twerner@debian.org>
To: 587447-close@bugs.debian.org
Subject: Bug#587447: fixed in tomcat6 6.0.26-5
Date: Mon, 28 Jun 2010 22:05:13 +0000
Source: tomcat6
Source-Version: 6.0.26-5

We believe that the bug you reported is fixed in the latest version of
tomcat6, which is due to be installed in the Debian FTP archive:

libservlet2.5-java-doc_6.0.26-5_all.deb
  to main/t/tomcat6/libservlet2.5-java-doc_6.0.26-5_all.deb
libservlet2.5-java_6.0.26-5_all.deb
  to main/t/tomcat6/libservlet2.5-java_6.0.26-5_all.deb
libtomcat6-java_6.0.26-5_all.deb
  to main/t/tomcat6/libtomcat6-java_6.0.26-5_all.deb
tomcat6-admin_6.0.26-5_all.deb
  to main/t/tomcat6/tomcat6-admin_6.0.26-5_all.deb
tomcat6-common_6.0.26-5_all.deb
  to main/t/tomcat6/tomcat6-common_6.0.26-5_all.deb
tomcat6-docs_6.0.26-5_all.deb
  to main/t/tomcat6/tomcat6-docs_6.0.26-5_all.deb
tomcat6-examples_6.0.26-5_all.deb
  to main/t/tomcat6/tomcat6-examples_6.0.26-5_all.deb
tomcat6-user_6.0.26-5_all.deb
  to main/t/tomcat6/tomcat6-user_6.0.26-5_all.deb
tomcat6_6.0.26-5.debian.tar.gz
  to main/t/tomcat6/tomcat6_6.0.26-5.debian.tar.gz
tomcat6_6.0.26-5.dsc
  to main/t/tomcat6/tomcat6_6.0.26-5.dsc
tomcat6_6.0.26-5_all.deb
  to main/t/tomcat6/tomcat6_6.0.26-5_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 587447@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Torsten Werner <twerner@debian.org> (supplier of updated tomcat6 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 28 Jun 2010 21:41:31 +0200
Source: tomcat6
Binary: tomcat6-common tomcat6 tomcat6-user libtomcat6-java libservlet2.5-java libservlet2.5-java-doc tomcat6-admin tomcat6-examples tomcat6-docs
Architecture: source all
Version: 6.0.26-5
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Torsten Werner <twerner@debian.org>
Description: 
 libservlet2.5-java - Servlet 2.5 and JSP 2.1 Java API classes
 libservlet2.5-java-doc - Servlet 2.5 and JSP 2.1 Java API documentation
 libtomcat6-java - Servlet and JSP engine -- core libraries
 tomcat6    - Servlet and JSP engine
 tomcat6-admin - Servlet and JSP engine -- admin web applications
 tomcat6-common - Servlet and JSP engine -- common files
 tomcat6-docs - Servlet and JSP engine -- documentation
 tomcat6-examples - Servlet and JSP engine -- example web applications
 tomcat6-user - Servlet and JSP engine -- tools to create user instances
Closes: 587447
Changes: 
 tomcat6 (6.0.26-5) unstable; urgency=medium
 .
   * Convert patches to dep3 format.
   * Backport security fix from trunk to fix CVE-2010-1157. (Closes: #587447)
   * Set urgency to medium due to the security fix.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkwpAA0ACgkQfY3dicTPjsMmVQCeOGpG9dvw/g6C+9HCiMs4+RT8
fNcAn3QxS40OGBY3l9nxv7+yHqQjH5/g
=RtEi
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 02 Aug 2010 07:36:11 GMT).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:42:51 2019; Machine Name: beach
