Public bug reported: Binary package hint: tomcat5.5
Please consider merging tomcat5.5 from Debian unstable as it contains fixes for several CVE's and important packaging fixes. Ubuntu changes that can be dropped: - Build-depends on xsltproc: tomcat5.5 package used to build documentation using xsltproc, but is now using Xalan-Java (libxalan2-java). I reckon the build dependency was unnecessarily carried around during merges as Debian stopped using it since 5.5.20-2 (related patches were dropped as well). It's not used in build process and the documentation looks the same with or without it. (http://www.mail-archive.com/[EMAIL PROTECTED]/msg11269.html and Debian 5.5.20-2 changelog entry). New Ubuntu changes are bugfixes, forwarded as: * Opened http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=458411 * Reopened http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=452366 New Debian version also fixes Bug #173692 and Bug #161882. New Debian changes: tomcat5.5 (5.5.25-4) unstable; urgency=high * CVE-2007-5342: Fix unauthorized modification of data because of too open permissions. Closes: #458237. * Always clean temporary directory on startup. Closes: #456608. -- Michael Koch <[EMAIL PROTECTED]> Sat, 29 Dec 2007 20:15:40 +0100 tomcat5.5 (5.5.25-3) unstable; urgency=low * debian/libtomcat5.5-java.links: Removed links for xml-apis.jar and xercesImpl.jar. Closes: #443382, #455495. * Added libgnumail-java to Build-Depends. Closes: #454312. * Updated Standards-Version to 3.7.3. -- Michael Koch <[EMAIL PROTECTED]> Thu, 13 Dec 2007 22:15:18 +0100 tomcat5.5 (5.5.25-2) unstable; urgency=high [ Michael Koch ] CVE-2007-5461: * Fix absolute path traversal vulnerability. Closes: #448664. [ Marcus Better ] * Add required commons-io symlink to the admin webapp, which fixes WAR file uploads. (Closes: #452366) * debian/control: Use the new Homepage and Vcs-* fields. * debian/NEWS: Remove outdated entry. -- Michael Koch <[EMAIL PROTECTED]> Fri, 30 Nov 2007 10:46:33 +0100 ** Affects: tomcat5.5 (Ubuntu) Importance: Undecided Status: New -- please merge tomcat5.5 (5.5.25-4) from Debian unstable (main) https://bugs.launchpad.net/bugs/179491 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
