Author: markt
Date: Thu Jul 14 13:41:49 2011
New Revision: 1146707
URL: http://svn.apache.org/viewvc?rev=1146707&view=rev
Log:
Update now patch has been applied
Modified:
tomcat/site/trunk/docs/security-6.html
tomcat/site/trunk/xdocs/security-6.xml
Modified: tomcat/site/trunk/docs/security-6.html
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=1146707&r1=1146706&r2=1146707&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-6.html (original)
+++ tomcat/site/trunk/docs/security-6.html Thu Jul 14 13:41:49 2011
@@ -215,9 +215,6 @@
<a href="#Apache_Tomcat_6.x_vulnerabilities">Apache Tomcat 6.x
vulnerabilities</a>
</li>
<li>
-<a href="#To_be_fixed_in_Apache_Tomcat_6.0.33_(not_yet_released)">To be fixed
in Apache Tomcat 6.0.33 (not yet released)</a>
-</li>
-<li>
<a href="#Fixed_in_Apache_Tomcat_6.0.33_(not_yet_released)">Fixed in Apache
Tomcat 6.0.33 (not yet released)</a>
</li>
<li>
@@ -316,11 +313,11 @@
<tr>
<td bgcolor="#525D76">
<font color="#ffffff" face="arial,helvetica,sanserif">
-<a name="To be fixed in Apache Tomcat 6.0.33 (not yet released)">
+<a name="Fixed in Apache Tomcat 6.0.33 (not yet released)">
<!--()-->
</a>
-<a name="To_be_fixed_in_Apache_Tomcat_6.0.33_(not_yet_released)">
-<strong>To be fixed in Apache Tomcat 6.0.33 (not yet released)</strong>
+<a name="Fixed_in_Apache_Tomcat_6.0.33_(not_yet_released)">
+<strong>Fixed in Apache Tomcat 6.0.33 (not yet released)</strong>
</a>
</font>
</td>
@@ -332,6 +329,29 @@
<p>
<strong>Low: Information disclosure</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2204";
rel="nofollow">CVE-2011-2204</a>
+</p>
+
+ <p>When using the MemoryUserDatabase (based on tomcat-users.xml) and
+ creating users via JMX, an exception during the user creation process
may
+ trigger an error message in the JMX client that includes the user's
+ password. This error message is also written to the Tomcat logs. User
+ passwords are visible to administrators with JMX access and/or
+ administrators with read access to the tomcat-users.xml file. Users that
+ do not have these permissions but are able to read log files may be able
+ to discover a user's password.</p>
+
+ <p>This was fixed in
+ <a href="http://svn.apache.org/viewvc?rev=1140071&view=rev";>
+ revision 1140071</a>.</p>
+
+ <p>This was identified by Polina Genova on 14 June 2011 and
+ made public on 27 June 2011.</p>
+
+ <p>Affects: 6.0.0-6.0.32</p>
+
+ <p>
+<strong>Low: Information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2526";
rel="nofollow">CVE-2011-2526</a>
</p>
@@ -358,8 +378,9 @@
</ul>
</p>
- <p>There is a <a
href="http://people.apache.org/~markt/patches/2011-07-13-cve-2011-2526-tc6.patch";>
- proposed patch</a> for this issue.</p>
+ <p>This was fixed in
+ <a href="http://svn.apache.org/viewvc?rev=1146703&view=rev";>
+ revision 1146703</a>.</p>
<p>This was identified by the Tomcat security team on 7 July 2011 and
made public on 13 July 2011.</p>
@@ -380,57 +401,6 @@
<tr>
<td bgcolor="#525D76">
<font color="#ffffff" face="arial,helvetica,sanserif">
-<a name="Fixed in Apache Tomcat 6.0.33 (not yet released)">
-<!--()-->
-</a>
-<a name="Fixed_in_Apache_Tomcat_6.0.33_(not_yet_released)">
-<strong>Fixed in Apache Tomcat 6.0.33 (not yet released)</strong>
-</a>
-</font>
-</td>
-</tr>
-<tr>
-<td>
-<p>
-<blockquote>
-
- <p>
-<strong>Low: Information disclosure</strong>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2204";
rel="nofollow">CVE-2011-2204</a>
-</p>
-
- <p>When using the MemoryUserDatabase (based on tomcat-users.xml) and
- creating users via JMX, an exception during the user creation process
may
- trigger an error message in the JMX client that includes the user's
- password. This error message is also written to the Tomcat logs. User
- passwords are visible to administrators with JMX access and/or
- administrators with read access to the tomcat-users.xml file. Users that
- do not have these permissions but are able to read log files may be able
- to discover a user's password.</p>
-
- <p>This was fixed in
- <a href="http://svn.apache.org/viewvc?rev=1140071&view=rev";>
- revision 1140071</a>.</p>
-
- <p>This was identified by Polina Genova on 14 June 2011 and
- made public on 27 June 2011.</p>
-
- <p>Affects: 6.0.0-6.0.32</p>
-
- </blockquote>
-</p>
-</td>
-</tr>
-<tr>
-<td>
-<br/>
-</td>
-</tr>
-</table>
-<table border="0" cellspacing="0" cellpadding="2" width="100%">
-<tr>
-<td bgcolor="#525D76">
-<font color="#ffffff" face="arial,helvetica,sanserif">
<a name="Fixed in Apache Tomcat 6.0.32">
<!--()-->
</a>
Modified: tomcat/site/trunk/xdocs/security-6.xml
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?rev=1146707&r1=1146706&r2=1146707&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-6.xml (original)
+++ tomcat/site/trunk/xdocs/security-6.xml Thu Jul 14 13:41:49 2011
@@ -30,9 +30,31 @@
</section>
- <section name="To be fixed in Apache Tomcat 6.0.33 (not yet released)">
+ <section name="Fixed in Apache Tomcat 6.0.33 (not yet released)">
<p><strong>Low: Information disclosure</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2204";
+ rel="nofollow">CVE-2011-2204</a></p>
+
+ <p>When using the MemoryUserDatabase (based on tomcat-users.xml) and
+ creating users via JMX, an exception during the user creation process
may
+ trigger an error message in the JMX client that includes the user's
+ password. This error message is also written to the Tomcat logs. User
+ passwords are visible to administrators with JMX access and/or
+ administrators with read access to the tomcat-users.xml file. Users that
+ do not have these permissions but are able to read log files may be able
+ to discover a user's password.</p>
+
+ <p>This was fixed in
+ <a href="http://svn.apache.org/viewvc?rev=1140071&view=rev";>
+ revision 1140071</a>.</p>
+
+ <p>This was identified by Polina Genova on 14 June 2011 and
+ made public on 27 June 2011.</p>
+
+ <p>Affects: 6.0.0-6.0.32</p>
+
+ <p><strong>Low: Information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2526";
rel="nofollow">CVE-2011-2526</a></p>
@@ -59,8 +81,9 @@
</ul>
</p>
- <p>There is a <a
href="http://people.apache.org/~markt/patches/2011-07-13-cve-2011-2526-tc6.patch";>
- proposed patch</a> for this issue.</p>
+ <p>This was fixed in
+ <a href="http://svn.apache.org/viewvc?rev=1146703&view=rev";>
+ revision 1146703</a>.</p>
<p>This was identified by the Tomcat security team on 7 July 2011 and
made public on 13 July 2011.</p>
@@ -69,32 +92,6 @@
</section>
- <section name="Fixed in Apache Tomcat 6.0.33 (not yet released)">
-
- <p><strong>Low: Information disclosure</strong>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2204";
- rel="nofollow">CVE-2011-2204</a></p>
-
- <p>When using the MemoryUserDatabase (based on tomcat-users.xml) and
- creating users via JMX, an exception during the user creation process
may
- trigger an error message in the JMX client that includes the user's
- password. This error message is also written to the Tomcat logs. User
- passwords are visible to administrators with JMX access and/or
- administrators with read access to the tomcat-users.xml file. Users that
- do not have these permissions but are able to read log files may be able
- to discover a user's password.</p>
-
- <p>This was fixed in
- <a href="http://svn.apache.org/viewvc?rev=1140071&view=rev";>
- revision 1140071</a>.</p>
-
- <p>This was identified by Polina Genova on 14 June 2011 and
- made public on 27 June 2011.</p>
-
- <p>Affects: 6.0.0-6.0.32</p>
-
- </section>
-
<section name="Fixed in Apache Tomcat 6.0.32" rtext="released 03 Feb 2011">
<p><i>Note: The issue below was fixed in Apache Tomcat 6.0.31 but the
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
