Changelog for tomcat6-webapps-6.0.18-16.8.1.noarch.rpm:
Tue Oct 18 14:00:00 2011 wrAATTrosenauer.org
- fix bnc#715991 - VUL-0: tomcat authentication bypass and information
disclosure (CVE-2011-3190)
* http://svn.apache.org/viewvc?view=revision&revision=1162959
Wed Sep 7 14:00:00 2011 lijewski.stefanAATTgmail.com
- fix bnc#706404 - VUL-0: tomcat user password information leak (CVE-2011-2204)
* http://svn.apache.org/viewvc?view=revision&revision=1140071
- fix bnc#706382 - VUL-0: tomcat information leak and DoS (CVE-2011-2526)
* http://svn.apache.org/viewvc?view=revision&revision=1146703
- fix bnc#702289 - suse manager pam ldap authentication fails
* source CATALINA_HOME/bin/setenv.sh if exists
Thu Mar 3 13:00:00 2011 wrAATTrosenauer.org
- fix bnc#669897 - VUL-0: tomcat6: Apache Tomcat Local bypass of security
manager file permissions (CVE-2010-3781)
* http://svn.apache.org/viewvc?view=revision&revision=1022560
- fix bnc#669929 - VUL-0: tomcat6: Apache Tomcat Manager XSS vulnerability
(CVE-2011-0013)
* http://svn.apache.org/viewvc?view=revision&revision=1057270
- fix bnc#669930 - VUL-0: tomcat6: Apache Tomcat DoS vulnerability
(CVE-2011-0534)
* http://svn.apache.org/viewvc?view=revision&revision=1066313
Fri Jan 28 13:00:00 2011 wrAATTrosenauer.org
- fix bnc#655440 - VUL-0: tomcat6: Apache Tomcat Manager application XSS
vulnerability (CVE-2010-4172)
http://svn.apache.org/viewvc?view=revision&revision=1037779
* clean workdir of tomcat6's webapps
Thu Jul 15 14:00:00 2010 mvyskocilAATTsuse.cz
- fix bnc#599554: VUL-1: tomcat information disclosure (CVE-2010-1157)
* http://svn.apache.org/viewvc?view=revision&revision=936540
- fix bnc#622188: VUL-0: tomcat: remote DoS / information disclosure
(CVE-2010-2227)
* http://svn.apache.org/viewvc?view=revision&revision=958977
- link dtomcat6 to CATALINA_HOME/bin/catalina.sh
Thu Feb 4 13:00:00 2010 mvyskocilAATTsuse.cz
- fixed bnc#575083 - VUL-0: tomcat directory traversal bugs
CVE-2009-2693, CVE-2009-2901, CVE-2009-2902
* http://svn.apache.org/viewvc?view=revision&revision=892815
Wed Jun 10 14:00:00 2009 mvyskocilAATTsuse.cz
- fixed bnc#509839:
CVE-2009-0781
* http://svn.apache.org/viewvc?view=rev&revision=750924
CVE-2009-0783
* http://svn.apache.org/viewvc?view=rev&revision=739522
CVE-2008-5515
* http://svn.apache.org/viewvc?view=rev&revision=739532
Mon Jun 8 14:00:00 2009 mvyskocilAATTsuse.cz
- fixed bnc#509839: CVE-2009-0580
* http://svn.apache.org/viewvc?view=rev&revision=747840
- fixed bnc#509840: CVE-2009-0033
* http://svn.apache.org/viewvc?view=rev&revision=781362
- fixed bnc#485933: cumulative fix for tomcat6:
* bnc#418664 - added /etc/ant.d/catalina-ant
* bnc#424675 - link $CATALINA_BASE/conf/Catalina ->
/var/cache/tomcat6/Catalina/
* bnc#433852 - rctomcat symlink
* bnc#446598 - dtomcat6 reads the tomcat6.conf again, better comment in
config file
Mon Feb 9 13:00:00 2009 mvyskocilAATTsuse.cz
- Fixed bnc#471639 - tomcat does not start/work
- fill up a default JVM in sysconfig
Mon Nov 24 13:00:00 2008 mvyskocilAATTsuse.cz
- Fixed bnc#446598 - Tomcat6: tomcat6.conf overwrites sysconfig/tomcat6 values
Fri Sep 12 14:00:00 2008 mvyskocilAATTsuse.cz
- Update to 6.0.18. This obsoletes patches:
apache-tomcat-CVE-2008-1232
apache-tomcat-CVE-2008-1947
apache-tomcat-CVE-2008-2370
apache-tomcat-CVE-2008-2938
Tue Aug 19 14:00:00 2008 mvyskocilAATTsuse.cz
- fix CVE-2008-2938: VUL-0: tomcat5: directory traversal
Wed Aug 6 14:00:00 2008 mvyskocilAATTsuse.cz
- fix CVE-2008-1232 and CVE-2008-2370: VUL-0: Apache Tomcat Cross-Site
Scripting and Security Bypass [bnc#414657]
Mon Jul 21 14:00:00 2008 mvyskocilAATTsuse.cz
- fixed [bnc#394503]: tomcat6 is missing rctomcat6 link
- add a /usr/sbin/rctomcat6 symlink
- and heavy rewrite and improve of original jpackage tomcat6 init script
- add Should-Start and Should-Stop section and values for Default-Start and
Default-Stop
- removed the echo_success and echo_failure functions and usage
- include a /etc/rc.status and use a rc_XXXXX functions instead of echo and
return. Plus add a comments with error codes explanations
- merge the start/stop/status messages from previous version
- use `ps' command instead of pgrep
- changes in commands: added a try-restart|force-reload|reload|probe and
removed the version|conrestart
- fixed [bnc#394499]: add a PreReq to jpackage-utils
- fixed [bnc#408253]: tomcat6 fails because of missing commons-xxxx jars
- add a removed dependencies to the jakarta-commons-*-tomcat5 packages
- fixed a proper link creation in post/n scripts
- fixed a build cycle, jakarta-commons-dbcp-tomcat5 needs the tomcat6-lib for
build, but the tomcat6-lib has this package in Requires(post). The
%post scriptlet is non-fatal if the jars cannot be found (but this would
not happen in a production state).
Fri Jun 27 14:00:00 2008 mvyskocilAATTsuse.cz
- fixed [bnc#396962]: VUL-0: tomcat5: [SECURITY] CVE-2008-1947: Tomcat host-manager XSS vulnerability
- fixed [bnc#403310]: Tomcat startup script uses wrong java.io.tmpdir
- the temp directory is in /var/cache/tomcat6/temp
Tue May 6 14:00:00 2008 mvyskocilAATTsuse.cz
- fixed a [bnc#383331] - Tomcat cannot compile JSPs
- add a ecj requires for tomcat6-lib
- create a symlink of ecj.jar to tomcat6 libdir
- add a jakarta-taglibs-standard to BuildRequires
- use a fdupes to avoid a file duplication waste in /srv
- replace a %{_jvmdir}/jre to /etc/alternatives/jre in JAVAHOME in default
tomcat6.conf (this path is architecture independent)
- add a %stop_on_removal to %preun, %restart_on_update and %insserv_cleanup to
%postun to fix some rpmlint warnings
- add a $remote_fs dependency to init script
Wed Feb 27 13:00:00 2008 mvyskocilAATTsuse.cz
- update to 6.0.16
Fri Jan 25 13:00:00 2008 cooloAATTsuse.de
- don't require the old package names
Fri Jan 25 13:00:00 2008 roAATTsuse.de
- don't use dots in package names
Tue Jan 22 13:00:00 2008 anosekAATTsuse.cz
- don't use macros in package names (the %package lines)
which does not work with autobuild.
Thu Dec 20 13:00:00 2007 anosekAATTsuse.cz
- don't use static uid/gid for tomcat user and tomcat group
Tue Dec 4 13:00:00 2007 anosekAATTsuse.cz
- initial version of tomcat6 package
- based on work by jpackage project