Your message dated Mon, 14 Feb 2011 01:53:35 +0000
with message-id <[email protected]>
and subject line Bug#612257: fixed in tomcat6 6.0.28-9+squeeze1
has caused the Debian Bug report #612257,
regarding Three Tomcat vulnerabilities
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
612257: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=612257
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: tomcat6
Version: Three Tomcat vulnerabilities
Severity: grave
Tags: security
CVE-2011-0534, CVE-2011-0013 and CVE-2010-3718 need to be
fixed in squeeze-security and unstable:
http://tomcat.apache.org/security-6.html
Cheers,
Moritz
-- System Information:
Debian Release: 5.0.1
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.32-ucs35-amd64
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
--- End Message ---
--- Begin Message ---
Source: tomcat6
Source-Version: 6.0.28-9+squeeze1
We believe that the bug you reported is fixed in the latest version of
tomcat6, which is due to be installed in the Debian FTP archive:
libservlet2.5-java-doc_6.0.28-9+squeeze1_all.deb
to main/t/tomcat6/libservlet2.5-java-doc_6.0.28-9+squeeze1_all.deb
libservlet2.5-java_6.0.28-9+squeeze1_all.deb
to main/t/tomcat6/libservlet2.5-java_6.0.28-9+squeeze1_all.deb
libtomcat6-java_6.0.28-9+squeeze1_all.deb
to main/t/tomcat6/libtomcat6-java_6.0.28-9+squeeze1_all.deb
tomcat6-admin_6.0.28-9+squeeze1_all.deb
to main/t/tomcat6/tomcat6-admin_6.0.28-9+squeeze1_all.deb
tomcat6-common_6.0.28-9+squeeze1_all.deb
to main/t/tomcat6/tomcat6-common_6.0.28-9+squeeze1_all.deb
tomcat6-docs_6.0.28-9+squeeze1_all.deb
to main/t/tomcat6/tomcat6-docs_6.0.28-9+squeeze1_all.deb
tomcat6-examples_6.0.28-9+squeeze1_all.deb
to main/t/tomcat6/tomcat6-examples_6.0.28-9+squeeze1_all.deb
tomcat6-user_6.0.28-9+squeeze1_all.deb
to main/t/tomcat6/tomcat6-user_6.0.28-9+squeeze1_all.deb
tomcat6_6.0.28-9+squeeze1.debian.tar.gz
to main/t/tomcat6/tomcat6_6.0.28-9+squeeze1.debian.tar.gz
tomcat6_6.0.28-9+squeeze1.dsc
to main/t/tomcat6/tomcat6_6.0.28-9+squeeze1.dsc
tomcat6_6.0.28-9+squeeze1_all.deb
to main/t/tomcat6/tomcat6_6.0.28-9+squeeze1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
tony mancill <[email protected]> (supplier of updated tomcat6 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 12 Feb 2011 14:17:29 -0800
Source: tomcat6
Binary: tomcat6-common tomcat6 tomcat6-user libtomcat6-java libservlet2.5-java
libservlet2.5-java-doc tomcat6-admin tomcat6-examples tomcat6-docs
Architecture: source all
Version: 6.0.28-9+squeeze1
Distribution: stable-security
Urgency: high
Maintainer: Debian Java Maintainers
<[email protected]>
Changed-By: tony mancill <[email protected]>
Description:
libservlet2.5-java - Servlet 2.5 and JSP 2.1 Java API classes
libservlet2.5-java-doc - Servlet 2.5 and JSP 2.1 Java API documentation
libtomcat6-java - Servlet and JSP engine -- core libraries
tomcat6 - Servlet and JSP engine
tomcat6-admin - Servlet and JSP engine -- admin web applications
tomcat6-common - Servlet and JSP engine -- common files
tomcat6-docs - Servlet and JSP engine -- documentation
tomcat6-examples - Servlet and JSP engine -- example web applications
tomcat6-user - Servlet and JSP engine -- tools to create user instances
Closes: 612257
Changes:
tomcat6 (6.0.28-9+squeeze1) stable-security; urgency=high
.
* Team upload.
* Update Vcs-* fields in debian/control to track security branch.
* Add patches for CVE-2011-0534, CVE-2010-3718, CVE-2011-0013
Thanks to Moritz Muehlenhoff (Closes: #612257)
Checksums-Sha1:
17c096365bd465f1605dd2dda35c0c1ebf00d65b 2333 tomcat6_6.0.28-9+squeeze1.dsc
3f97860913d29f9e28016bd1844d161ce6542c59 3114279 tomcat6_6.0.28.orig.tar.gz
4f1aac30c06eaed776a5fe02198aba581e8e57e4 44771
tomcat6_6.0.28-9+squeeze1.debian.tar.gz
d4d559bf64e253c494a6e7f025d3deb7261f51d0 49146
tomcat6-common_6.0.28-9+squeeze1_all.deb
591ba11f1ebc032bb5b8a530ae7c928ff840e81a 36528
tomcat6_6.0.28-9+squeeze1_all.deb
7b993f10e2d15967a7cbae6143115dab82503da7 26936
tomcat6-user_6.0.28-9+squeeze1_all.deb
65fb23ac7773876d0131c92bed58366a9d8e7bc6 3025822
libtomcat6-java_6.0.28-9+squeeze1_all.deb
0af8326c03e5e5d10b66689dc291cf9ba301dcae 192196
libservlet2.5-java_6.0.28-9+squeeze1_all.deb
f844332fc64efe2e2f9063a2a41525941bc8aa15 256016
libservlet2.5-java-doc_6.0.28-9+squeeze1_all.deb
b743e13220c6c47bb418638cf87c877b89fd0763 43112
tomcat6-admin_6.0.28-9+squeeze1_all.deb
758007e080b75b204c05d27529d404f48580a345 162486
tomcat6-examples_6.0.28-9+squeeze1_all.deb
73473c496ed6d00bb83e2672178f29cfbe17e43e 532580
tomcat6-docs_6.0.28-9+squeeze1_all.deb
Checksums-Sha256:
49d6b8b714650b9a1b30210fa57eb4915db3fa935a4d3e76a6f69c8f630a8a7e 2333
tomcat6_6.0.28-9+squeeze1.dsc
4a871c7725aacaa575996b8ef5d4c9bc675586cc4061729b5ce73cd3438e7e06 3114279
tomcat6_6.0.28.orig.tar.gz
fee7aec6ad2996da6f8cf2c26a8efdf9f1b5a6269ac7d86c83b16be7ff9a1468 44771
tomcat6_6.0.28-9+squeeze1.debian.tar.gz
40fa0f30b531335877447898db6f337c85a75c7b3d7328cf0c69a6ff683017ee 49146
tomcat6-common_6.0.28-9+squeeze1_all.deb
fec9044cbc9352c1de1b118b4ca8e6e492415e920fdf56843b9e4abc35411572 36528
tomcat6_6.0.28-9+squeeze1_all.deb
eb3b71dae1c982c09324ab10b385b20491819f3b64c2bcfdd46ef6404fa48d87 26936
tomcat6-user_6.0.28-9+squeeze1_all.deb
af009f96f98750ffe2bb9cad20094b967b8081a3cc160e18e4d8866bba8fec91 3025822
libtomcat6-java_6.0.28-9+squeeze1_all.deb
692c1237fe5de7847f80117f53361219eef8dea266c0fbdc645a29e2953c8be2 192196
libservlet2.5-java_6.0.28-9+squeeze1_all.deb
5728456cf237e55c9eb69749dbae77bf441ace2a1f27278d3c30dbe57849f112 256016
libservlet2.5-java-doc_6.0.28-9+squeeze1_all.deb
587b5e04b0033edfc0099231ad241767b510aee15a1394d61d09c78c8778d155 43112
tomcat6-admin_6.0.28-9+squeeze1_all.deb
433ee8248f0cb3dc085b25b18807197d15899c8250d85d1a69b3a155abe79df2 162486
tomcat6-examples_6.0.28-9+squeeze1_all.deb
2bbc73dbf1e1ab32cb4f38ec7ad1acb2e2c444425aab214144a1e0e48fe60eb3 532580
tomcat6-docs_6.0.28-9+squeeze1_all.deb
Files:
a5906d0c96437fc9c93a83fbcbfabe27 2333 java optional
tomcat6_6.0.28-9+squeeze1.dsc
c3d696609054be07a55c14a7de1b8ddf 3114279 java optional
tomcat6_6.0.28.orig.tar.gz
4c5249459a64910fa5b677d4a3172a16 44771 java optional
tomcat6_6.0.28-9+squeeze1.debian.tar.gz
9ca10ba57a2d76859c4bba6e9f67f077 49146 java optional
tomcat6-common_6.0.28-9+squeeze1_all.deb
81c98eb864f29be1d69142ad432c3108 36528 java optional
tomcat6_6.0.28-9+squeeze1_all.deb
0831ea79058c73b7e2e72c871c746445 26936 java optional
tomcat6-user_6.0.28-9+squeeze1_all.deb
ffeaf6919bf2785453a1f4a992709e13 3025822 java optional
libtomcat6-java_6.0.28-9+squeeze1_all.deb
819ecca72a435e1d961bb1887691e1a9 192196 java optional
libservlet2.5-java_6.0.28-9+squeeze1_all.deb
3d9280d82651f73dcd9753ec3cb98b16 256016 doc optional
libservlet2.5-java-doc_6.0.28-9+squeeze1_all.deb
dccb9a1778d30d8d76cb81066df69873 43112 java optional
tomcat6-admin_6.0.28-9+squeeze1_all.deb
4d67529f19a333b0591e485fd6892d8a 162486 java optional
tomcat6-examples_6.0.28-9+squeeze1_all.deb
f70c8bf04804a774a9f91979e5e4f256 532580 doc optional
tomcat6-docs_6.0.28-9+squeeze1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQIcBAEBCAAGBQJNWBcfAAoJECHSBYmXSz6WV/0QAIIRKLePjgz8bcge1+ANaOY0
gPDJ8SRjZDi+9vvRY6N+DS8waRmqYj4zdh/FcE06n8h6vRm6HXKoZYks03hG7G8J
PgZZaShyk3z/a+jZF4DLWLI6c7PUiPai1QbI/nu8eNn79R8/HI8afgV2iPhMy6xb
FsRQboBe4xewzxI/hL8wW8k5bytkcrIItHeE4gZ8lTR55q4jNG13wcZd9OlH7yHD
Z4AberZDWhCgnVgpdeJUFx5HyGJ865s08OeaNIKPr6xBVnYfoGp5xVJYhs5S8A90
v0zFZAzsilz4+UCnFJ8XLKGxwcFNKztHUP6RXSp2pCVeHwEChFSwZEuVtQ+BfC8q
J52JRW8MKJEuE+An6xu7zCU9iQ/DzC1fx03uBz9htSFDtPDiX5Y3jQiK3utfK5Gm
FoOPrhhj6l2kIJMgA6fWyczgSNSNJC9Tvx1F3NKQl05SK+e3r2Yn2JDq2M5+8nkP
x76Vuv3MZKo8T6I41fQuyHWmVXh33jb/DaMMJhOI7KJ4qhvtuOGujnWA9LEHz344
TsiXmwvICQoc2bJCECU4PzLshKBvtN75beYctqU/iIhKUsjibJoWzrN18MCvCV9U
q0+G01Mm8jeiFaVddzhyUHxhIC4TffO5ClxVBM12TzE+Dge4zn3wccZT2hBTxKB2
TGwvOZ/tZUeqkZ+14stl
=2evv
-----END PGP SIGNATURE-----
--- End Message ---
