Format: 1.8
Date: Fri, 21 Nov 2014 20:08:38 +0100
Source: tomcat6
Binary: tomcat6-common tomcat6 tomcat6-user libtomcat6-java libservlet2.4-java libservlet2.5-java libservlet2.5-java-doc tomcat6-admin tomcat6-examples tomcat6-docs tomcat6-extras
Architecture: source all
Version: 6.0.41-2+squeeze5
Distribution: squeeze-lts
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Holger Levsen <holger@debian.org>
Description:
 libservlet2.4-java - Transitional package for libservlet2.5-java
 libservlet2.5-java - Servlet 2.5 and JSP 2.1 Java API classes
 libservlet2.5-java-doc - Servlet 2.5 and JSP 2.1 Java API documentation
 libtomcat6-java - Servlet and JSP engine -- core libraries
 tomcat6 - Servlet and JSP engine
 tomcat6-admin - Servlet and JSP engine -- admin web applications
 tomcat6-common - Servlet and JSP engine -- common files
 tomcat6-docs - Servlet and JSP engine -- documentation
 tomcat6-examples - Servlet and JSP engine -- example web applications
 tomcat6-extras - Servlet and JSP engine -- additional components
 tomcat6-user - Servlet and JSP engine -- tools to create user instances
Closes: 299635 608286 654136 659748 664072 665393 666256 668761 671373 677912 682955 687818 692440 695250 713796 717279
Changes:
 tomcat6 (6.0.41-2+squeeze5) squeeze-lts; urgency=medium
 .
   * Security upload by the Debian LTS team.
   * The full list of changes between 6.0.35 (the version previously
     available in squeeze) and 6.0.41 can be seen in the upstream changelog,
     which is available online at
     http://tomcat.apache.org/tomcat-6.0-doc/changelog.html
   * This update fixes the following security issues:
     - CVE-2014-0033: prevent remote attackers from conducting session
       fixation attacks via crafted URLs.
     - CVE-2013-4590: prevent "Tomcat internals" information leaks.
     - CVE-2013-4322: prevent remote attackers from doing denial of service
       attacks.
     - CVE-2013-4286: reject requests with multiple content-length headers or
       with a content-length header when chunked encoding is being used.
     - Avoid CVE-2013-1571 when generating Javadoc.
     - CVE-2012-3439: various improvements to the DIGEST authenticator.
   * Thanks to Tony Mancill for doing the vast amount of the work for this
     update!
   * Downgrade debian/compat to 8 and reduce build-dependency to debhelper 8
     to match the squeeze version
 .
 tomcat6 (6.0.41-2) unstable; urgency=medium
 .
   [ Emmanuel Bourg ]
   * Updated the version required for libtcnative-1 (>= 1.1.30)
 .
   [ tony mancill ]
   * Add patch for logfile compression. (Closes: #682955)
     - Thank you to Thijs Kinkhorst.
 .
 tomcat6 (6.0.41-1) unstable; urgency=medium
 .
   * New upstream release.
     - Refreshed the patches
 .
 tomcat6 (6.0.39-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream release.
     - Refreshed the patches
   * Standards-Version updated to 3.9.5 (no changes)
   * Switch to debhelper level 9
   * Use XZ compression for the upstream tarball
   * Use canonical URL for the Vcs-Git field
 .
 tomcat6 (6.0.37-1) unstable; urgency=low
 .
   * New upstream release.
     - Drop patches for CVE-2012-4534, CVE-2012-4431, CVE-2012-3546,
       CVE-2012-2733, CVE-2012-3439
     - Drop 0011-CVE-02012-0022-regression-fix.patch
     - Drop 0017-eclipse-compiler-update.patch
   * Freshened remaining patches.
 .
 tomcat6 (6.0.35-7) unstable; urgency=low
 .
   * Team upload.
   * Fixed the watch file
   * Fix FTBFS with ecj 3.8 (closes: #717279, #713796)
   * Updated the standards version to 3.9.4 - no changes
   * Updated the Vcs-Git field to the canonical url
 .
 tomcat6 (6.0.35-6) unstable; urgency=high
 .
   * Acknowledge NMU: 6.0.35-5+nmu1 (Closes: #692440)
     - Thank you to Michael Gilbert.
   * Add patches for the following security issues: (Closes: #695250)
     - CVE-2012-4534, CVE-2012-4431, CVE-2012-3546
 .
 tomcat6 (6.0.35-5+nmu1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Fix multiple security issues (closes: #692440)
     - cve-2012-2733: denial-of-service by triggering out of memory error.
     - cve-2012-3439: multiple replay attack issues in digest authentication.
 .
 tomcat6 (6.0.35-5) unstable; urgency=low
 .
   * Apply patch to README.Debian to explain setting the HTTPOnly flag
     in cookies by default; CVE-2010-4312. (Closes: #608286)
     - Thank you to Thijs Kinkhorst for the patch.
   * Use ucf and a template for /etc/logrotate.d/tomcat6 file to avoid
     updating the shipped conffile. (Closes: #687818)
 .
 tomcat6 (6.0.35-4) unstable; urgency=low
 .
   [ tony mancill ]
   * Team upload.
   * Apply patch from James Page (Closes: #671373)
     - d/tomcat6-instance-create: Quote access to files and directories
       so that spaces can be used when creating user instances.
     - d/tomcat6.init: Make NAME dynamic, to allow starting multiple
       instances. (Closes: #299635)
 .
   [ Miguel Landaeta ]
   * Add Slovak debconf translation (Closes: #677912).
     - Thanks to Ivan Masár.
 .
 tomcat6 (6.0.35-3) unstable; urgency=low
 .
   [ Miguel Landaeta ]
   * Add Replaces and Conflicts for libservlet2.5-java to overwrite files
     in libservlet2.4-java. (Closes: #666256).
 .
   [ tony mancill ]
   * Add libservlet2.4-java transitional package.
   * Remove /etc/authbind/byuid, /etc/authbind in postrm. (Closes: #668761)
   * Add 0011-CVE-2012-0022-regression-fix.patch. (Closes: #659748)
     - Thank you to Marc Deslauriers
 .
 tomcat6 (6.0.35-2) unstable; urgency=low
 .
   [ tony mancill ]
   * Remove Michael Koch from Uploaders. (Closes: #654136)
   * Add Turkish debconf translation (Closes: #664072)
     - Thanks to Atila KOÇ
   * Remove libservlet2.5-doc dependency on libservlet2.5.
 .
   [ Miguel Landaeta ]
   * Bump Standards-Version to 3.9.3. No changes were required.
   * Provide 'debian' version symlink for Maven artifacts.
     (Closes: #665393).