Accepted tomcat6 6.0.41-2+squeeze5 (source all) into squeeze-lts, squeeze-lts
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 21 Nov 2014 20:08:38 +0100
Source: tomcat6
Binary: tomcat6-common tomcat6 tomcat6-user libtomcat6-java libservlet2.4-java libservlet2.5-java libservlet2.5-java-doc tomcat6-admin tomcat6-examples tomcat6-docs tomcat6-extras
Architecture: source all
Version: 6.0.41-2+squeeze5
Distribution: squeeze-lts
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Holger Levsen <holger@debian.org>
Description:
libservlet2.4-java - Transitional package for libservlet2.5-java
libservlet2.5-java - Servlet 2.5 and JSP 2.1 Java API classes
libservlet2.5-java-doc - Servlet 2.5 and JSP 2.1 Java API documentation
libtomcat6-java - Servlet and JSP engine -- core libraries
tomcat6 - Servlet and JSP engine
tomcat6-admin - Servlet and JSP engine -- admin web applications
tomcat6-common - Servlet and JSP engine -- common files
tomcat6-docs - Servlet and JSP engine -- documentation
tomcat6-examples - Servlet and JSP engine -- example web applications
tomcat6-extras - Servlet and JSP engine -- additional components
tomcat6-user - Servlet and JSP engine -- tools to create user instances
Closes: 299635 608286 654136 659748 664072 665393 666256 668761 671373 677912 682955 687818 692440 695250 713796 717279
Changes:
tomcat6 (6.0.41-2+squeeze5) squeeze-lts; urgency=medium
.
* Security upload by the Debian LTS team.
* The full list of changes between 6.0.35 (the version previously available
in squeeze) and 6.0.41 can be see in the upstream changelog, which is
available online at http://tomcat.apache.org/tomcat-6.0-doc/changelog.html
* This update fixes the following security issues:
- CVE-2014-0033: prevent remote attackers from conducting session
fixation attacks via crafted URLs.
- CVE-2013-4590: prevent "Tomcat internals" information leaks.
- CVE-2013-4322: prevent remote attackers from doing denial of service
attacks.
- CVE-2013-4286: reject requests with multiple content-length headers or
with a content-length header when chunked encoding is being used.
- Avoid CVE-2013-1571 when generating Javadoc.
- CVE-2012-3439: various improvements to the DIGEST authenticator.
* Thanks to Tony Mancill for doing the vast amount of the work for this
update!
* Downgrade debian/compat to 8 and reduce build-dependency do debhelper 8
to match the squeeze squeeze version
.
tomcat6 (6.0.41-2) unstable; urgency=medium
.
[ Emmanuel Bourg ]
* Updated the version required for libtcnative-1 (>= 1.1.30)
.
[ tony mancill ]
* Add patch for logfile compression. (Closes: #682955)
- Thank you to Thijs Kinkhorst.
.
tomcat6 (6.0.41-1) unstable; urgency=medium
.
* New upstream release.
- Refreshed the patches
.
tomcat6 (6.0.39-1) unstable; urgency=medium
.
* Team upload.
* New upstream release.
- Refreshed the patches
* Standards-Version updated to 3.9.5 (no changes)
* Switch to debhelper level 9
* Use XZ compression for the upstream tarball
* Use canonical URL for the Vcs-Git field
.
tomcat6 (6.0.37-1) unstable; urgency=low
.
* New upstream release.
- Drop patches for CVE-2012-4534, CVE-2012-4431, CVE-2012-3546,
CVE-2012-2733, CVE-2012-3439
- Drop 0011-CVE-02012-0022-regression-fix.patch
- Drop 0017-eclipse-compiler-update.patch
* Freshened remaining patches.
.
tomcat6 (6.0.35-7) unstable; urgency=low
.
* Team upload.
* Fixed the watch file
* Fix FTBFS with ecj 3.8 (closes: #717279, #713796)
* Updated the standards version to 3.9.4 - no changes
* Updated the Vcs-Git field to the canonical url
.
tomcat6 (6.0.35-6) unstable; urgency=high
.
* Acknowledge NMU: 6.0.35-5+nmu1 (Closes: #692440)
- Thank you to Michael Gilbert.
* Add patches for the following security issues: (Closes: #695250)
- CVE-2012-4534, CVE-2012-4431, CVE-2012-3546
.
tomcat6 (6.0.35-5+nmu1) unstable; urgency=high
.
* Non-maintainer upload.
* Fix multiple security issues (closes: #692440)
- cve-2012-2733: denial-of-service by triggering out of memory error.
- cve-2012-3439: multiple replay attack issues in digest authentication.
.
tomcat6 (6.0.35-5) unstable; urgency=low
.
* Apply patch to README.Debian to explain setting the HTTPOnly flag
in cookies by default; CVE-2010-4312. (Closes: #608286)
- Thank you to Thijs Kinkhorst for the patch.
* Use ucf and a template for /etc/logrotate.d/tomcat6 file to avoid
updating the shipped conffile. (Closes: #687818)
.
tomcat6 (6.0.35-4) unstable; urgency=low
.
[ tony mancill ]
* Team upload.
* Apply patch from James Page (Closes: #671373)
- d/tomcat6-instance-create: Quote access to files and directories
so that spaces can be used when creating user instances.
- d/tomcat6.init: Make NAME dynamic, to allow starting multiple
instances. (Closes: #299635)
.
[ Miguel Landaeta ]
* Add Slovak debconf translation (Closes: #677912).
- Thanks to Ivan Masár.
.
tomcat6 (6.0.35-3) unstable; urgency=low
.
[ Miguel Landaeta ]
* Add Replaces and Conflicts for libservlet2.5-java to overwrite files
in libservlet2.4-java. (Closes: #666256).
.
[ tony mancill ]
* Add libservlet2.4-java transitional package.
* Remove /etc/authbind/byuid, /etc/authbind in postrm. (Closes: #668761)
* Add 0011-CVE-2012-0022-regression-fix.patch. (Closes: #659748)
- Thank you to Marc Deslauriers
.
tomcat6 (6.0.35-2) unstable; urgency=low
.
[ tony mancill ]
* Remove Michael Koch from Uploaders. (Closes: #654136)
* Add Turkish debconf translation (Closes: #664072)
- Thanks to Atila KOÇ
* Remove libservlet2.5-doc dependency on libservlet2.5.
.
[ Miguel Landaeta ]
* Bump Standards-Version to 3.9.3. No changes were required.
* Provide 'debian' version symlink for Maven artifacts. (Closes: #665393).
Checksums-Sha1:
2afa377de240513a32dcce9c7e1ed85e113f79da 2364 tomcat6_6.0.41-2+squeeze5.dsc
6f258c09301706029530426399ffce4ed403b261 45927 tomcat6_6.0.41-2+squeeze5.debian.tar.gz
e2ff0a6d9731e0f830289fac92398ddd08b18b73 56226 tomcat6-common_6.0.41-2+squeeze5_all.deb
33338bd531d7d6f4dd75bed6c7c0478598801b8a 50776 tomcat6_6.0.41-2+squeeze5_all.deb
49fde71c9cd04cd613b569cf7c7cbf4be7a75012 40298 tomcat6-user_6.0.41-2+squeeze5_all.deb
432092d6203d281769c8affe1130c8bbf523efa1 3150660 libtomcat6-java_6.0.41-2+squeeze5_all.deb
8a1b07725478a0184a7d00f828cbc5dbce032aa0 14266 libservlet2.4-java_6.0.41-2+squeeze5_all.deb
b389e9b75f2fea3308292a8837de0e22b7971a82 240264 libservlet2.5-java_6.0.41-2+squeeze5_all.deb
1d1de16a22b57fcedf1213be726554ab816b8308 259210 libservlet2.5-java-doc_6.0.41-2+squeeze5_all.deb
3987ed0aec45d0f4b31f6f1d140efac0e49c0e18 49594 tomcat6-admin_6.0.41-2+squeeze5_all.deb
c7634466ca6467c9f9fae497fd52218e03d16f07 164700 tomcat6-examples_6.0.41-2+squeeze5_all.deb
e4094cfbde82edb1db6fc8c4b7dc674331325298 589422 tomcat6-docs_6.0.41-2+squeeze5_all.deb
c9456a605551c9cc6f59f5705eac5dbe51f67f77 14546 tomcat6-extras_6.0.41-2+squeeze5_all.deb
Checksums-Sha256:
65c379b50086740acefc0616982db3843c86029d249641496ec9aebbd166ae90 2364 tomcat6_6.0.41-2+squeeze5.dsc
e7a77010cbdf2271818798f9ff15efb2114f1ec4774a10a566dbe29f14af9105 45927 tomcat6_6.0.41-2+squeeze5.debian.tar.gz
b72423aee92bda30188cb66d67cccd72f449e20331c0c435f1a1472ee5f4b97b 56226 tomcat6-common_6.0.41-2+squeeze5_all.deb
cc0431802f0a375e9498256ac9d4e4aee7cd760c8b5d23c1663799df76cc7d95 50776 tomcat6_6.0.41-2+squeeze5_all.deb
c4276f0d4b5d11cf40912f4bdfc3e29dcbf18e2b436e1ac7adfef7cfec438070 40298 tomcat6-user_6.0.41-2+squeeze5_all.deb
a6dd7a89ffd25383b84ecc0ba049b82c4eb3a801e8ba17cdbe60f15ad8bfc2c1 3150660 libtomcat6-java_6.0.41-2+squeeze5_all.deb
ec51f5bf912191c761f12b733660a0cd1a65860510b10f7ac5d5cf32c448c295 14266 libservlet2.4-java_6.0.41-2+squeeze5_all.deb
827cf919c39277abecd7d9bdeb6f42ac37a1379f1022326f662a03ab8444cbac 240264 libservlet2.5-java_6.0.41-2+squeeze5_all.deb
dee98af9305612fac85b0ae73646b0ac08b219958fb1287d19378614c6628ac0 259210 libservlet2.5-java-doc_6.0.41-2+squeeze5_all.deb
164fa991590bf0aafe4115bb57f90fe198ad0a0abcd664eba24fcf506d51ba14 49594 tomcat6-admin_6.0.41-2+squeeze5_all.deb
4dd530d6ed88200e1f22de292fddd2d1549e1eaac3acf9a2fa6f914ee33fe00c 164700 tomcat6-examples_6.0.41-2+squeeze5_all.deb
36b8b79ccb7f7147fdb9757699b82bd390ba7162c69a4429fea1831d21b7503f 589422 tomcat6-docs_6.0.41-2+squeeze5_all.deb
d203ff134157c175661bbd189d606e64a643756375b6e945a3c33e39cc44b121 14546 tomcat6-extras_6.0.41-2+squeeze5_all.deb
Files:
3f6fe72d418e89e88d30530ebd377fe8 2364 java optional tomcat6_6.0.41-2+squeeze5.dsc
2f30e0660a8bc90344e9816bc9163f58 45927 java optional tomcat6_6.0.41-2+squeeze5.debian.tar.gz
44a43f7ffd97c40c5e539d9c81c22f8f 56226 java optional tomcat6-common_6.0.41-2+squeeze5_all.deb
87b515355995b25dcbb43bbf48312715 50776 java optional tomcat6_6.0.41-2+squeeze5_all.deb
49470f8953f8c60bbb800dd821feb1f3 40298 java optional tomcat6-user_6.0.41-2+squeeze5_all.deb
8f17d370e9c71ab057dfd55f2516ae7a 3150660 java optional libtomcat6-java_6.0.41-2+squeeze5_all.deb
9732f2123ea3dc63c65d53de7305d156 14266 oldlibs extra libservlet2.4-java_6.0.41-2+squeeze5_all.deb
7b52af0578cb6c951b8354d7201734be 240264 java optional libservlet2.5-java_6.0.41-2+squeeze5_all.deb
596a672e5b5066dd3128870159a3f0d1 259210 doc optional libservlet2.5-java-doc_6.0.41-2+squeeze5_all.deb
6d7607d9b0435cc844313190bc347312 49594 java optional tomcat6-admin_6.0.41-2+squeeze5_all.deb
2262a6743e9cdc5a8602a11dd176ac6d 164700 java optional tomcat6-examples_6.0.41-2+squeeze5_all.deb
305c08a212ac5894bfa5f46cfbb657ab 589422 doc optional tomcat6-docs_6.0.41-2+squeeze5_all.deb
5bbc9a75e22952fe43ec0633c3155c84 14546 java optional tomcat6-extras_6.0.41-2+squeeze5_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIVAwUBVHIB8QkauFYGmqocAQqYOQ//d2ednre1oPNRCAOxaBJ14CO8pOqX6ocF
yFHiWFaCe66K7UVIRtqyXX6JgeEyjyckL+CvpHW03dBfxP4wmFTr4IOI+LDqoQC6
MIdKSxYzHJQ8k92nQtsr0g9FBSajTRePNat3d0xjWRixObmkx8lci3dzAuuLJUC6
FwmogIEzSjYO1CDa8nxjeGNB2k3E6DLZ3Tj+CzBCMMkrvc/yYMV/RHpE6nV/SZro
U9IzA8q6jPNR/Ec9C0rygoeSN69viD3X8EbyPDcUG8LdyIP4trV32AkjbaoMAkK1
O1z+hVDmpJEqIQ8NKSR42qPnLbHX4+xDgOV/IHzzaj9NgRhAbp0HXPQgiPrT6vix
/OThgNy5ODpAtLOL9e6L+Fq41YUX/A1o9YOQK+/JYPfpSsMLtSCAQFC3rINoZiRv
LoizwTp3Tht+tnTeoPWx9dTcV9GGUpeXlD1Sg4EIN31NwSFJ0ru1P7ycVXT8lNdB
+l8/w5ngROjU6Yins7V8zjqFnqH7kFweEg/iQbXq5Wh+FoxScLJZ+QNGgHOqZi8a
fVmtSt1p2Nd8to6U3g/3ZZw4tJ1Mqybc4vGlHzujFuD1K//Y0lvGc9FNLZwY9Qxh
m9bIQxkJy6rlesPuVgBxH3Tzc4A4hwq2tIrrJoQh7Hpf+plKzbpSqCN4HEoSv7f4
oIxMvmzrepQ=
=yw6V
-----END PGP SIGNATURE-----