-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CVE-2008-5515: Apache Tomcat information disclosure vulnerability
Severity: Important
Vendor:
The Apache Software Foundation
Versions Affected:
Tomcat 4.1.0 to 4.1.39
Tomcat 5.5.0 to 5.5.27
Tomcat 6.0.0 to 6.0.18
The unsupported Tomcat 3.x, 4.0.x an
Author: markt
Date: Mon Jun 8 21:35:33 2009
New Revision: 782794
URL: http://svn.apache.org/viewvc?rev=782794&view=rev
Log:
Propose patch
Modified:
tomcat/current/tc5.5.x/STATUS.txt
tomcat/tc6.0.x/trunk/STATUS.txt
Modified: tomcat/current/tc5.5.x/STATUS.txt
URL:
http://svn.apache.org/v
Author: markt
Date: Mon Jun 8 21:29:27 2009
New Revision: 782791
URL: http://svn.apache.org/viewvc?rev=782791&view=rev
Log:
Use a more sensible default.
Patch suggested by Ian Darwin.
Modified:
tomcat/trunk/java/org/apache/catalina/core/StandardHost.java
tomcat/trunk/webapps/docs/config/
The release is located here:
http://people.apache.org/~fhanik/jdbc-pool/v1.0.3/
[ ] STABLE - I couldn't find any bugs
[ ] BETA - I found some bugs but not critical
[ ] BROKEN - I found some show stoppers
Any comments ?
Thanks,
Filip
---
https://issues.apache.org/bugzilla/show_bug.cgi?id=42536
--- Comment #3 from Petr 2009-06-08 13:47:08 PST ---
The same occurs now with tcnative-1.dll 1.1.16 on Windows 2000, perhaps due to
fixes to the 43327
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
-
Author: markt
Date: Mon Jun 8 20:25:34 2009
New Revision: 782770
URL: http://svn.apache.org/viewvc?rev=782770&view=rev
Log:
Remove a deprecated method
Modified:
tomcat/trunk/java/org/apache/catalina/ssi/SSIServletRequestUtil.java
Modified: tomcat/trunk/java/org/apache/catalina/ssi/SSIServle
Author: markt
Date: Mon Jun 8 20:18:40 2009
New Revision: 782764
URL: http://svn.apache.org/viewvc?rev=782764&view=rev
Log:
Add CVE-2008-5515.
Modified:
tomcat/site/trunk/docs/security-4.html
tomcat/site/trunk/docs/security-5.html
tomcat/site/trunk/docs/security-6.html
tomcat/sit
Author: markt
Date: Mon Jun 8 20:14:37 2009
New Revision: 782763
URL: http://svn.apache.org/viewvc?rev=782763&view=rev
Log:
Port normalisation clean-up.
Includes fix for CVE-2008-5515
Modified:
tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/connector/HttpRequestBas
Author: fhanik
Date: Mon Jun 8 20:14:28 2009
New Revision: 782762
URL: http://svn.apache.org/viewvc?rev=782762&view=rev
Log:
A tag that we can vote on, I dropped the ball on the previous one
Added:
tomcat/tags/JDBC_POOL_1_0_3/ (props changed)
- copied from r782760, tomcat/trunk/modul
Author: markt
Date: Mon Jun 8 20:04:29 2009
New Revision: 782757
URL: http://svn.apache.org/viewvc?rev=782757&view=rev
Log:
Port normalisation clean-up.
Includes fix for CVE-2008-5515
Modified:
tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/connector/Request.java
tomca
Author: markt
Revision: 734734
Modified property: svn:log
Modified: svn:log at Mon Jun 8 19:59:39 2009
--
--- svn:log (original)
+++ svn:log Mon Jun 8 19:59:39 2009
@@ -1,3 +1,4 @@
-Remove 3 of the essentially 4 duplicat
Author: fhanik
Date: Mon Jun 8 19:53:39 2009
New Revision: 782751
URL: http://svn.apache.org/viewvc?rev=782751&view=rev
Log:
Create for bash
Modified:
tomcat/trunk/modules/jdbc-pool/sign.sh
Modified: tomcat/trunk/modules/jdbc-pool/sign.sh
URL:
http://svn.apache.org/viewvc/tomcat/trunk/modu
All,
while I was just looking at BZ I found a very old feature request for
NetWare:
https://issues.apache.org/bugzilla/show_bug.cgi?id=8441
what do you think? These 3 files are those we use for start/stop of TC
...; maybe we can add these files to TC 4/5, or are there any objections?
then another
https://issues.apache.org/bugzilla/show_bug.cgi?id=46381
Alfred Staflinger changed:
What|Removed |Added
Status|RESOLVED|REOPENED
CC|
Author: funkman
Date: Mon Jun 8 13:09:47 2009
New Revision: 782612
URL: http://svn.apache.org/viewvc?rev=782612&view=rev
Log:
vote
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=78261
https://issues.apache.org/bugzilla/show_bug.cgi?id=47318
--- Comment #6 from Tim Funk 2009-06-08 06:07:38 PST ---
Created an attachment (id=23775)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=23775)
webapp with tag files fail
The same war file as previous attached with the new
Author: markt
Date: Mon Jun 8 12:12:05 2009
New Revision: 782599
URL: http://svn.apache.org/viewvc?rev=782599&view=rev
Log:
Fix a couple of typos
Modified:
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/v
Author: markt
Date: Mon Jun 8 10:18:35 2009
New Revision: 782586
URL: http://svn.apache.org/viewvc?rev=782586&view=rev
Log:
Fix bad edit
Modified:
tomcat/site/trunk/docs/security-6.html
tomcat/site/trunk/xdocs/security-6.xml
Modified: tomcat/site/trunk/docs/security-6.html
URL:
http://
https://issues.apache.org/bugzilla/show_bug.cgi?id=47331
Summary: No translation error messag when using #{...} in
template text
Product: Tomcat 6
Version: 6.0.20
Platform: PC
OS/Version: Linux
Status: NEW
Author: markt
Date: Mon Jun 8 08:39:25 2009
New Revision: 782559
URL: http://svn.apache.org/viewvc?rev=782559&view=rev
Log:
Update CVE-2009-0580
Modified:
tomcat/site/trunk/docs/security-4.html
tomcat/site/trunk/docs/security-5.html
tomcat/site/trunk/docs/security-6.html
tomcat/s
20 matches
Mail list logo
