CVE-2011-2526: Restriction bypass

Related Vulnerabilities: CVE-2011-2526, CVE-2011-2204

Debian Bug report logs - #634992

Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>

Date: Thu, 21 Jul 2011 14:48:05 UTC

Severity: grave

Tags: security

Fixed in version tomcat7/7.0.19-1

Done: tony mancill <tmancill@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#634992; Package tomcat7. (Thu, 21 Jul 2011 14:48:08 GMT)


Acknowledgement sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>. (Thu, 21 Jul 2011 14:48:08 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <muehlenhoff@univention.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2011-2526: Restriction bypass
Date: Thu, 21 Jul 2011 16:46:03 +0200
Package: tomcat7
Severity: grave
Tags: security

Please see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2526
http://tomcat.apache.org/security-7.html

The same applies to Tomcat 6 and Tomcat 5.5

Cheers,
        Moritz




Reply sent to tony mancill <tmancill@debian.org>:
You have taken responsibility. (Tue, 26 Jul 2011 06:21:06 GMT)


Notification sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
Bug acknowledged by developer. (Tue, 26 Jul 2011 06:21:06 GMT)


Message #10 received at 634992-close@bugs.debian.org:

From: tony mancill <tmancill@debian.org>
To: 634992-close@bugs.debian.org
Subject: Bug#634992: fixed in tomcat7 7.0.19-1
Date: Tue, 26 Jul 2011 06:18:03 +0000
Source: tomcat7
Source-Version: 7.0.19-1

We believe that the bug you reported is fixed in the latest version of
tomcat7, which is due to be installed in the Debian FTP archive:

libservlet3.0-java-doc_7.0.19-1_all.deb
  to main/t/tomcat7/libservlet3.0-java-doc_7.0.19-1_all.deb
libservlet3.0-java_7.0.19-1_all.deb
  to main/t/tomcat7/libservlet3.0-java_7.0.19-1_all.deb
libtomcat7-java_7.0.19-1_all.deb
  to main/t/tomcat7/libtomcat7-java_7.0.19-1_all.deb
tomcat7-admin_7.0.19-1_all.deb
  to main/t/tomcat7/tomcat7-admin_7.0.19-1_all.deb
tomcat7-common_7.0.19-1_all.deb
  to main/t/tomcat7/tomcat7-common_7.0.19-1_all.deb
tomcat7-docs_7.0.19-1_all.deb
  to main/t/tomcat7/tomcat7-docs_7.0.19-1_all.deb
tomcat7-examples_7.0.19-1_all.deb
  to main/t/tomcat7/tomcat7-examples_7.0.19-1_all.deb
tomcat7-user_7.0.19-1_all.deb
  to main/t/tomcat7/tomcat7-user_7.0.19-1_all.deb
tomcat7_7.0.19-1.debian.tar.gz
  to main/t/tomcat7/tomcat7_7.0.19-1.debian.tar.gz
tomcat7_7.0.19-1.dsc
  to main/t/tomcat7/tomcat7_7.0.19-1.dsc
tomcat7_7.0.19-1_all.deb
  to main/t/tomcat7/tomcat7_7.0.19-1_all.deb
tomcat7_7.0.19.orig.tar.gz
  to main/t/tomcat7/tomcat7_7.0.19.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 634992@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
tony mancill <tmancill@debian.org> (supplier of updated tomcat7 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 25 Jul 2011 22:58:33 -0700
Source: tomcat7
Binary: tomcat7-common tomcat7 tomcat7-user libtomcat7-java libservlet3.0-java libservlet3.0-java-doc tomcat7-admin tomcat7-examples tomcat7-docs
Architecture: source all
Version: 7.0.19-1
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: tony mancill <tmancill@debian.org>
Description: 
 libservlet3.0-java - Servlet 3.0 and JSP 2.2 Java API classes
 libservlet3.0-java-doc - Servlet 3.0 and JSP 2.2 Java API documentation
 libtomcat7-java - Servlet and JSP engine -- core libraries
 tomcat7    - Servlet and JSP engine
 tomcat7-admin - Servlet and JSP engine -- admin web applications
 tomcat7-common - Servlet and JSP engine -- common files
 tomcat7-docs - Servlet and JSP engine -- documentation
 tomcat7-examples - Servlet and JSP engine -- example web applications
 tomcat7-user - Servlet and JSP engine -- tools to create user instances
Closes: 634992
Changes: 
 tomcat7 (7.0.19-1) unstable; urgency=high (security)
 .
   * Team upload.
   * New upstream release.
     - Includes fix for CVE-2011-2526 (Closes: #634992)
   * Remove patch for CVE-2011-2204 (included upstream).
Checksums-Sha1: 
 cab6a8402e5b604478bbf7600d38f295368ffef1 2168 tomcat7_7.0.19-1.dsc
 951042eca5b38f0d43810a9bece9c626dee63ff4 3757384 tomcat7_7.0.19.orig.tar.gz
 8ad4e07d4be44a1a914fb5e853b5adc984548c2b 39298 tomcat7_7.0.19-1.debian.tar.gz
 d4399f51aca03126aaaf492b4588148926a95565 53930 tomcat7-common_7.0.19-1_all.deb
 2b369d8ab49027c6f64cf078c42be6c927c34c06 45240 tomcat7_7.0.19-1_all.deb
 9ccd262304c653cf93783cb3132f040ed10012a3 35200 tomcat7-user_7.0.19-1_all.deb
 415f94e4b7de3cc07d9f9975f8c4a77baa2f6b93 3370432 libtomcat7-java_7.0.19-1_all.deb
 191ee2ed62080b1d1f7a8e286cd667d7aa4ef868 299258 libservlet3.0-java_7.0.19-1_all.deb
 1d784030d4a3df0038e76a3866ae9c5b730322bb 298006 libservlet3.0-java-doc_7.0.19-1_all.deb
 480e07898c39df499f39af03134d3707a208f032 48222 tomcat7-admin_7.0.19-1_all.deb
 398ee2e20917cf24db0eb5e78c7e3ab78b4f672a 178386 tomcat7-examples_7.0.19-1_all.deb
 87249ee867cc7d75ae5f2db265cf1e3192875f08 595574 tomcat7-docs_7.0.19-1_all.deb
Checksums-Sha256: 
 a89a778d5e69b2567cb9cb2a26db8305fd88a793703b4229b9ac7bfedef5720e 2168 tomcat7_7.0.19-1.dsc
 22d1d4ea66f31cb7513ab58c1ae0891797e373b24e07211894cedc1fc5f62bb6 3757384 tomcat7_7.0.19.orig.tar.gz
 d10b103f4ca7c2adc9590b51dbc6efa8f42e701827ee66c4374427d710111cc3 39298 tomcat7_7.0.19-1.debian.tar.gz
 15a653e8b4fb62c670d7d279275cb5b0b2a003c013281bc20dc997ad3efb444a 53930 tomcat7-common_7.0.19-1_all.deb
 b05981de356435b5491a8a5a492df5e40b7784818b4bde2cd9e1c888ef8ff376 45240 tomcat7_7.0.19-1_all.deb
 ceac4ca2acba3ba24cfa26602f1d980e08b2ad126d1ca5578846009cb7913bf6 35200 tomcat7-user_7.0.19-1_all.deb
 2076e38b1e2023259e3f9816562cb0b94cba0f792ae14d92e416e367ed9dfe73 3370432 libtomcat7-java_7.0.19-1_all.deb
 be107d7732a3df833a3a9a33095213c959b3b81cd7fa2826d8feebc173797709 299258 libservlet3.0-java_7.0.19-1_all.deb
 34591128e4f2c1e421e38b5803719c64850dafb366181afc4065e3cc31761dfb 298006 libservlet3.0-java-doc_7.0.19-1_all.deb
 4555678ae4847ce15989b57a89c169f2cca3ee8f7665bf91c65bca4792bda570 48222 tomcat7-admin_7.0.19-1_all.deb
 c047d8bd7c5741f74e06aac40226ad30415a9e2ce3cfb627e36a9ff972d08376 178386 tomcat7-examples_7.0.19-1_all.deb
 83a384c300335f5a7c29a9aa434b269bf69b925fc8addbc4bf9b740a904bc924 595574 tomcat7-docs_7.0.19-1_all.deb
Files: 
 319e4ffdab9dce06b80aafdd166b35bf 2168 java optional tomcat7_7.0.19-1.dsc
 9105293807b768c029952fed1c190c74 3757384 java optional tomcat7_7.0.19.orig.tar.gz
 ea12fc7d55a42cc749c2f09e526baa44 39298 java optional tomcat7_7.0.19-1.debian.tar.gz
 197375b91ba1dbc0f3ed2286250de6b8 53930 java optional tomcat7-common_7.0.19-1_all.deb
 d7007d2b60003afa4bbaad47677b0ed8 45240 java optional tomcat7_7.0.19-1_all.deb
 d763afa3dc442b6a2ce059a56075e77d 35200 java optional tomcat7-user_7.0.19-1_all.deb
 5b45b3e90df44c96296de2a46778e85c 3370432 java optional libtomcat7-java_7.0.19-1_all.deb
 1e082b91fc0061c7fbee3d7dace17fa2 299258 java optional libservlet3.0-java_7.0.19-1_all.deb
 64aeaacadabcf6f9e01d063adec665ff 298006 doc optional libservlet3.0-java-doc_7.0.19-1_all.deb
 6f3ed4d45c7626407f3fae1c0adf7ad4 48222 java optional tomcat7-admin_7.0.19-1_all.deb
 c43716a103375a2ec76ce7c968b73f00 178386 java optional tomcat7-examples_7.0.19-1_all.deb
 e0270953e016ac6fab8895e10396ee6b 595574 doc optional tomcat7-docs_7.0.19-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
-----END PGP SIGNATURE-----
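
The Checksums-Sha1, Checksums-Sha256 and Files stanzas in the signed .changes above are what lets a downstream consumer confirm that a .dsc, tarball or .deb fetched from the archive is the one the uploader signed: each entry is digest, size and filename, with the Files stanza adding section and priority before the filename and carrying MD5 for historical reasons. As an added example that is not part of the bug report or of Debian's tooling, the following parses those stanzas and checks an artifact's size and digests against them. The .changes excerpt and the artifact bytes are constructed (the digests are those of the constructed bytes, not of the real upload), and `verify_artifact` treats the SHA-256 entry as mandatory while still checking the legacy SHA-1 and MD5 lines when present.

```python
"""Verify archive artifacts against the checksum stanzas of a .changes file (added example)."""
import hashlib

# Constructed excerpt in the layout of the stanzas above. The digests are those of the
# constructed artifact bytes used below (b"abc" and b""), not the real upload's.
SAMPLE_CHANGES = """\
Format: 1.8
Source: tomcat7
Version: 7.0.19-1
Description:
 tomcat7    - Servlet and JSP engine
Checksums-Sha1:
 a9993e364706816aba3e25717850c26c9cd0d89d 3 tomcat7_7.0.19-1.dsc
 da39a3ee5e6b4b0d3255bfef95601890afd80709 0 tomcat7_7.0.19-1.debian.tar.gz
Checksums-Sha256:
 ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad 3 tomcat7_7.0.19-1.dsc
 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 0 tomcat7_7.0.19-1.debian.tar.gz
Files:
 900150983cd24fb0d6963f7d28e17f72 3 java optional tomcat7_7.0.19-1.dsc
 d41d8cd98f00b204e9800998ecf8427e 0 java optional tomcat7_7.0.19-1.debian.tar.gz
"""

# Hash algorithm carried by each stanza.
STANZA_ALGO = {"Checksums-Sha1": "sha1", "Checksums-Sha256": "sha256", "Files": "md5"}


def parse_checksums(changes_text):
    """Return {stanza: {filename: (hex_digest, size)}} for the checksum stanzas.

    A stanza starts at a 'Field:' line with an empty value and consists of the
    space-indented lines that follow. The digest and size are always the first two
    tokens and the filename the last, which covers both the Checksums-* and Files
    layouts; continuation lines of other fields (Description) are skipped.
    """
    stanzas = {}
    current = None
    for line in changes_text.splitlines():
        if line.startswith(" "):
            if current is not None:
                digest, size, *_, filename = line.split()
                stanzas[current][filename] = (digest.lower(), int(size))
            continue
        field, sep, value = line.partition(":")
        current = field if sep and not value.strip() and field in STANZA_ALGO else None
        if current:
            stanzas[current] = {}
    return stanzas


def verify_artifact(filename, data, stanzas, required=("Checksums-Sha256",)):
    """Check data against every stanza that lists filename.

    Returns a list of problems; an empty list means the artifact matches. A missing
    entry in a required stanza counts as a problem, so the check cannot be passed by
    stripping the strong-hash line and leaving only the weak MD5/SHA-1 ones.
    """
    problems = []
    for stanza in required:
        if filename not in stanzas.get(stanza, {}):
            problems.append(f"{stanza}: no entry for {filename}")
    for stanza, entries in stanzas.items():
        if filename not in entries:
            continue
        expected_digest, expected_size = entries[filename]
        if len(data) != expected_size:
            problems.append(f"{stanza}: size {len(data)} != {expected_size}")
        actual = hashlib.new(STANZA_ALGO[stanza], data).hexdigest()
        if actual != expected_digest:
            problems.append(f"{stanza}: digest mismatch")
    return problems


if __name__ == "__main__":
    stanzas = parse_checksums(SAMPLE_CHANGES)
    # Constructed artifacts: the genuine bytes, then a same-length tampered copy.
    print(verify_artifact("tomcat7_7.0.19-1.dsc", b"abc", stanzas))
    print(verify_artifact("tomcat7_7.0.19-1.dsc", b"abd", stanzas))
```

The checksums are only as trustworthy as the .changes file they sit in, so verify its PGP signature against a key you trust before acting on a match; the archive does exactly that on upload. A SHA-256 match combined with an MD5 or SHA-1 mismatch points at a corrupted or hand-edited .changes rather than a tampered artifact, and is still worth rejecting.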





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 25 Aug 2011 08:12:34 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:15:07 2019; Machine Name: buxtehude
