This bug was fixed in the package tomcat6 - 6.0.26-5
---------------
tomcat6 (6.0.26-5) unstable; urgency=medium
* Convert patches to dep3 format.
* Backport security fix from trunk to fix CVE-2010-1157. (Closes: #587447)
* Set urgency to medium due to the security fix.
tomcat6 (6.0.26-4) unstable; urgency=low
[ Thierry Carrez ]
* Fix issues preventing from running Tomcat6 with a security manager:
- debian/tomcat6.init: Remove duplicate securitymanager options.
- debian/patches/catalina-sh-security-manager.patch: Use the right
location for the security.policy file in catalina.sh.
- Closes: #585379, LP: #591802. Thanks to Jeff Turner for the original
patches and to Adam Guthrie for the Lucid debdiff.
* Allow binding to any interface when using authbind, rather than only allow
binding to all (LP: #594989)
* Force backgrounding of catalina.sh in start-stop-daemon, to allow the init
script to be started through ssh -t (LP: #588481)
[ Torsten Werner ]
* Remove Paul from Uploaders list.
-- Thierry Carrez <thierry.car...@ubuntu.com> Tue, 13 Jul 2010 17:56:11
+0100
** Changed in: tomcat6 (Ubuntu)
Status: Fix Committed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-1157
--
Lucid Lynx authbind defaults too restrictive
https://bugs.launchpad.net/bugs/594989
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
