Jamie, Thanks for the info. There is a fix for CVE-2012-2733 for tomcat7 from upstream (see http://svn.apache.org/viewvc?view=revision&revision=1350301).
Did you see the new debdiff for oneiric in comment #5? All the fixes for the CVEs I am aware of should be in it (as well CVE-2012-2733). Please let me know if the changelog is okay like that and of course if there are any other improvements/changes I should make. As soon as that one is approved I will upload the precise debdiff. Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1115053 Title: Multiple open vulnerabilities in tomcat7 in 12.04 and 11.10 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tomcat7/+bug/1115053/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
