tomcat7 7.0.42-1ubuntu0.1 source package in Ubuntu
Changelog
tomcat7 (7.0.42-1ubuntu0.1) saucy-security; urgency=medium

  * SECURITY UPDATE: request smuggling attack via content-length headers
    - debian/patches/CVE-2013-4286.patch: use long as content length in
      java/org/apache/coyote/Request.java, handle multiple content lengths
      in java/org/apache/coyote/ajp/AbstractAjpProcessor.java, handle
      content length and chunked encoding being both specified in
      java/org/apache/coyote/http11/AbstractHttp11Processor.java.
    - CVE-2013-4286
  * SECURITY UPDATE: denial of service via chunked transfer coding
    - debian/patches/CVE-2013-4322.patch: enforce maximum size in
      java/org/apache/coyote/http11/{AbstractHttp11Processor.java,
      AbstractHttp11Protocol.java, Http11AprProcessor.java,
      Http11AprProtocol.java, Http11NioProcessor.java,
      Http11NioProtocol.java, Http11Processor.java, Http11Protocol.java},
      java/org/apache/coyote/http11/filters/ChunkedInputFilter.java,
      test/org/apache/coyote/http11/filters/TestChunkedInputFilter.java,
      webapps/docs/config/http.xml.
    - CVE-2013-4322
  * SECURITY UPDATE: denial of service via malformed content-type header
    - debian/patches/CVE-2014-0050.patch: validate sizes in
      java/org/apache/tomcat/util/http/fileupload/FileUploadBase.java,
      java/org/apache/tomcat/util/http/fileupload/MultipartStream.java.
    - CVE-2014-0050

 -- Marc Deslauriers <email address hidden>  Tue, 04 Mar 2014 10:22:07 -0500
Upload details
- Uploaded by: Marc Deslauriers
- Uploaded to: Saucy
- Original maintainer: Ubuntu Developers
- Architectures: all
- Section: java
- Urgency: Medium Urgency
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| tomcat7_7.0.42.orig.tar.gz | 4.0 MiB | 2d9bbfd172fe5455c4895ce2086cca42eeaa2b34a052c8c2326eae0c6a0702de |
| tomcat7_7.0.42-1ubuntu0.1.debian.tar.gz | 52.5 KiB | 4d1008a1c082f7b1fc18ff9f1979374938ee7f8179b4e8f1157d22a62678ed8f |
| tomcat7_7.0.42-1ubuntu0.1.dsc | 2.7 KiB | 6fedb1cec92ba2a0c2569912084c51649821954b7b2b42355b8653f27750aca9 |
Binary packages built by this source
- libservlet3.0-java: No summary available for libservlet3.0-java in ubuntu saucy.
No description available for libservlet3.0-java in ubuntu saucy.
- libservlet3.0-java-doc: No summary available for libservlet3.0-java-doc in ubuntu saucy.
No description available for libservlet3.0-java-doc in ubuntu saucy.
- libtomcat7-java: No summary available for libtomcat7-java in ubuntu saucy.
No description available for libtomcat7-java in ubuntu saucy.
- tomcat7: No summary available for tomcat7 in ubuntu saucy.
No description available for tomcat7 in ubuntu saucy.
- tomcat7-admin: No summary available for tomcat7-admin in ubuntu saucy.
No description available for tomcat7-admin in ubuntu saucy.
- tomcat7-common: No summary available for tomcat7-common in ubuntu saucy.
No description available for tomcat7-common in ubuntu saucy.
- tomcat7-docs: No summary available for tomcat7-docs in ubuntu saucy.
No description available for tomcat7-docs in ubuntu saucy.
- tomcat7-examples: No summary available for tomcat7-examples in ubuntu saucy.
No description available for tomcat7-examples in ubuntu saucy.
- tomcat7-user: No summary available for tomcat7-user in ubuntu saucy.
No description available for tomcat7-user in ubuntu saucy.
