Posted to dev@tomcat.apache.org by ma...@apache.org on 2010/12/13 18:59:40 UTC

svn commit: r1045265 - in /tomcat/site/trunk: docs/security-5.html docs/security-6.html docs/security-7.html xdocs/security-5.xml xdocs/security-6.xml xdocs/security-7.xml

Author: markt
Date: Mon Dec 13 17:59:40 2010
New Revision: 1045265

URL: http://svn.apache.org/viewvc?rev=1045265&view=rev
Log:
Add some dates to the vulnerability pages. Only went back ~2 years. Still more to do.

Modified:
    tomcat/site/trunk/docs/security-5.html
    tomcat/site/trunk/docs/security-6.html
    tomcat/site/trunk/docs/security-7.html
    tomcat/site/trunk/xdocs/security-5.xml
    tomcat/site/trunk/xdocs/security-6.xml
    tomcat/site/trunk/xdocs/security-7.xml

Modified: tomcat/site/trunk/docs/security-5.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?rev=1045265&r1=1045264&r2=1045265&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-5.html (original)
+++ tomcat/site/trunk/docs/security-5.html Mon Dec 13 17:59:40 2010
@@ -325,9 +325,14 @@
 </a>
 </font>
 </td>
+<td align="right" bgcolor="#525D76">
+<font color="#ffffff" face="arial,helvetica.sanserif">
+<strong>released 9 Jul 2010</strong>
+</font>
+</td>
 </tr>
 <tr>
-<td>
+<td colspan="2">
 <p>
 <blockquote>
   
@@ -349,6 +354,9 @@
        <a href="http://svn.apache.org/viewvc?rev=959428&amp;view=rev">
        revision 959428</a>.</p>
        
+    <p>This was first reported to the Tomcat security team on 14 Jun 2010 and
+       made public on 9 Jul 2010.</p>
+
     <p>Affects: 5.5.0-5.5.29</p>
 
     <p>
@@ -371,6 +379,9 @@
        <a href="http://svn.apache.org/viewvc?rev=936541&amp;view=rev">
        revision 936541</a>.</p>
        
+    <p>This was first reported to the Tomcat security team on 31 Dec 2009 and
+       made public on 21 Apr 2010.</p>
+
     <p>Affects: 5.5.0-5.5.29</p>
 
   </blockquote>
@@ -395,9 +406,14 @@
 </a>
 </font>
 </td>
+<td align="right" bgcolor="#525D76">
+<font color="#ffffff" face="arial,helvetica.sanserif">
+<strong>released 20 Apr 2010</strong>
+</font>
+</td>
 </tr>
 <tr>
-<td>
+<td colspan="2">
 <p>
 <blockquote>
   
@@ -416,6 +432,9 @@
        <a href="http://svn.apache.org/viewvc?rev=902650&amp;view=rev">
        revision 902650</a>.</p>
        
+    <p>This was first reported to the Tomcat security team on 30 Jul 2009 and
+       made public on 1 Mar 2010.</p>
+
     <p>Affects: 5.5.0-5.5.28</p>
 
     <p>
@@ -437,6 +456,9 @@
        <a href="http://svn.apache.org/viewvc?rev=902650&amp;view=rev">
        revision 902650</a>.</p>
        
+    <p>This was first reported to the Tomcat security team on 30 Jul 2009 and
+       made public on 1 Mar 2010.</p>
+
     <p>Affects: 5.5.0-5.5.28 (Windows only)</p>
     
     <p>
@@ -455,6 +477,9 @@
        <a href="http://svn.apache.org/viewvc?rev=902650&amp;view=rev">
        revision 902650</a>.</p>
        
+    <p>This was first reported to the Tomcat security team on 30 Jul 2009 and
+       made public on 1 Mar 2010.</p>
+
     <p>Affects: 5.5.0-5.5.28</p>
 
     <p>
@@ -470,6 +495,9 @@
 
     <p>Affects: 5.5.0-5.5.28</p>
 
+    <p>This was first reported to the Tomcat security team on 26 Oct 2009 and
+       made public on 9 Nov 2009.</p>
+
     <p>This was fixed in
        <a href="http://svn.apache.org/viewvc?rev=919006&amp;view=rev">
        revision 919006</a>.</p>
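Review bot: The dates paragraph in this entry is inserted between "Affects: 5.5.0-5.5.28" and "This was fixed in", while every other entry touched in this file has it after the "fixed in" revision link and before the "Affects" line. Moving it below the `revision 919006` paragraph would keep the entries uniform for anyone scanning or scraping the page for report and disclosure dates. The matching hunk in xdocs/security-5.xml has the same ordering.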
@@ -495,9 +523,14 @@
 </a>
 </font>
 </td>
+<td align="right" bgcolor="#525D76">
+<font color="#ffffff" face="arial,helvetica.sanserif">
+<strong>released 4 Sep 2009</strong>
+</font>
+</td>
 </tr>
 <tr>
-<td>
+<td colspan="2">
 <p>
 <blockquote>
     <p>
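Review bot: The `face` attribute on the added release-date cell reads `arial,helvetica.sanserif`, with a period where the font list needs a comma, so the list has only two entries and the second, `helvetica.sanserif`, matches no font. The existing heading cell visible in the docs/security-6.html hunk uses `arial,helvetica,sanserif`, and the new cell should match it. The same value appears in every right-aligned cell this commit adds to security-5.html and security-6.html, so if these pages are generated, fix it once in whatever emits the cell rather than by hand in each file.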
@@ -518,6 +551,9 @@
        <a href="http://svn.apache.org/viewvc?rev=783291&amp;view=rev">
        revision 783291</a>.</p>
 
+    <p>This was first reported to the Tomcat security team on 11 Dec 2008 and
+       made public on 8 Jun 2009.</p>
+
     <p>Affects: 5.5.0-5.5.27</p>
 
     <p>
@@ -537,6 +573,9 @@
        <a href="http://svn.apache.org/viewvc?rev=781362&amp;view=rev">
        revision 781362</a>.</p>
 
+    <p>This was first reported to the Tomcat security team on 26 Jan 2009 and
+       made public on 3 Jun 2009.</p>
+
     <p>Affects: 5.5.0-5.5.27</p>
  
     <p>
@@ -556,6 +595,9 @@
        <a href="http://svn.apache.org/viewvc?rev=781379&amp;view=rev">
        revision 781379</a>.</p>
 
+    <p>This was first reported to the Tomcat security team on 25 Feb 2009 and
+       made public on 3 Jun 2009.</p>
+
     <p>Affects: 5.5.0-5.5.27 (Memory Realm), 5.5.0-5.5.5 (DataSource and JDBC
        Realms)</p>
        
@@ -573,6 +615,9 @@
        <a href="http://svn.apache.org/viewvc?rev=750928&amp;view=rev">
        revision 750928</a>.</p>
 
+    <p>This was first reported to the Tomcat security team on 5 Mar 2009 and
+       made public on 3 Jun 2009.</p>
+
     <p>Affects: 5.5.0-5.5.27</p>
 
     <p>
@@ -596,6 +641,9 @@
        <a href="http://svn.apache.org/viewvc?rev=781542&amp;view=rev">
        781542</a>.</p>
 
+    <p>This was first reported to the Tomcat security team on 2 Mar 2009 and
+       made public on 4 Jun 2009.</p>
+
     <p>Affects: 5.5.0-5.5.27</p>
        
   </blockquote>

Modified: tomcat/site/trunk/docs/security-6.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=1045265&r1=1045264&r2=1045265&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-6.html (original)
+++ tomcat/site/trunk/docs/security-6.html Mon Dec 13 17:59:40 2010
@@ -201,7 +201,7 @@
 <a href="#Apache_Tomcat_6.x_vulnerabilities">Apache Tomcat 6.x vulnerabilities</a>
 </li>
 <li>
-<a href="#Fixed_in_SVN_for_Apache_Tomcat_6.0.30_(not_yet_released)">Fixed in SVN for Apache Tomcat 6.0.30 (not yet released)</a>
+<a href="#Fixed_in_SVN_for_Apache_Tomcat_6.0.30">Fixed in SVN for Apache Tomcat 6.0.30</a>
 </li>
 <li>
 <a href="#Fixed_in_Apache_Tomcat_6.0.28">Fixed in Apache Tomcat 6.0.28</a>
@@ -293,17 +293,22 @@
 <tr>
 <td bgcolor="#525D76">
 <font color="#ffffff" face="arial,helvetica,sanserif">
-<a name="Fixed in SVN for Apache Tomcat 6.0.30 (not yet released)">
+<a name="Fixed in SVN for Apache Tomcat 6.0.30">
 <!--()-->
 </a>
-<a name="Fixed_in_SVN_for_Apache_Tomcat_6.0.30_(not_yet_released)">
-<strong>Fixed in SVN for Apache Tomcat 6.0.30 (not yet released)</strong>
+<a name="Fixed_in_SVN_for_Apache_Tomcat_6.0.30">
+<strong>Fixed in SVN for Apache Tomcat 6.0.30</strong>
 </a>
 </font>
 </td>
+<td align="right" bgcolor="#525D76">
+<font color="#ffffff" face="arial,helvetica.sanserif">
+<strong>not yet released</strong>
+</font>
+</td>
 </tr>
 <tr>
-<td>
+<td colspan="2">
 <p>
 <blockquote>
   
@@ -321,6 +326,9 @@
        <a href="http://svn.apache.org/viewvc?rev=1037779&amp;view=rev">
        revision 1037779</a>.</p>
 
+    <p>This was first reported to the Tomcat security team on 15 Nov 2010 and
+       made public on 22 Nov 2010.</p>
+
     <p>Affects: 6.0.12-6.0.29</p>
   
   </blockquote>
@@ -345,9 +353,14 @@
 </a>
 </font>
 </td>
+<td align="right" bgcolor="#525D76">
+<font color="#ffffff" face="arial,helvetica.sanserif">
+<strong>released 9 Jul 2010</strong>
+</font>
+</td>
 </tr>
 <tr>
-<td>
+<td colspan="2">
 <p>
 <blockquote>
   
@@ -369,6 +382,9 @@
        <a href="http://svn.apache.org/viewvc?rev=958977&amp;view=rev">
        revision 958977</a>.</p>
        
+    <p>This was first reported to the Tomcat security team on 14 Jun 2010 and
+       made public on 9 Jul 2010.</p>
+
     <p>Affects: 6.0.0-6.0.27</p>
 
     <p>
@@ -399,6 +415,9 @@
        <a href="http://svn.apache.org/viewvc?rev=936540&amp;view=rev">
        revision 936540</a>.</p>
 
+    <p>This was first reported to the Tomcat security team on 31 Dec 2009 and
+       made public on 21 Apr 2010.</p>
+
     <p>Affects: 6.0.0-6.0.26</p>
        
   </blockquote>
@@ -423,9 +442,14 @@
 </a>
 </font>
 </td>
+<td align="right" bgcolor="#525D76">
+<font color="#ffffff" face="arial,helvetica.sanserif">
+<strong>released 21 Jan 2010</strong>
+</font>
+</td>
 </tr>
 <tr>
-<td>
+<td colspan="2">
 <p>
 <blockquote>
       <p>
@@ -451,6 +475,9 @@
        <a href="http://svn.apache.org/viewvc?rev=892815&amp;view=rev">
        revision 892815</a>.</p>
        
+    <p>This was first reported to the Tomcat security team on 30 Jul 2009 and
+       made public on 1 Mar 2010.</p>
+
     <p>Affects: 6.0.0-6.0.20</p>
 
     <p>
@@ -472,6 +499,9 @@
        <a href="http://svn.apache.org/viewvc?rev=892815&amp;view=rev">
        revision 892815</a>.</p>
        
+    <p>This was first reported to the Tomcat security team on 30 Jul 2009 and
+       made public on 1 Mar 2010.</p>
+
     <p>Affects: 6.0.0-6.0.20 (Windows only)</p>
     
     <p>
@@ -490,6 +520,9 @@
        <a href="http://svn.apache.org/viewvc?rev=892815&amp;view=rev">
        revision 892815</a>.</p>
        
+    <p>This was first reported to the Tomcat security team on 30 Jul 2009 and
+       made public on 1 Mar 2010.</p>
+
     <p>Affects: 6.0.0-6.0.20</p>
     
     <p>
@@ -507,6 +540,9 @@
        <a href="http://svn.apache.org/viewvc?rev=881771&amp;view=rev">
        revision 881771</a>.</p>
 
+    <p>This was first reported to the Tomcat security team on 26 Oct 2009 and
+       made public on 9 Nov 2009.</p>
+
     <p>Affects: 6.0.0-6.0.20</p>
 
   </blockquote>
@@ -531,9 +567,14 @@
 </a>
 </font>
 </td>
+<td align="right" bgcolor="#525D76">
+<font color="#ffffff" face="arial,helvetica.sanserif">
+<strong>released 3 Jun 2009</strong>
+</font>
+</td>
 </tr>
 <tr>
-<td>
+<td colspan="2">
 <p>
 <blockquote>
     <p>
@@ -559,6 +600,9 @@
        <a href="http://svn.apache.org/viewvc?rev=734734&amp;view=rev">
        revision 734734</a>.</p>
 
+    <p>This was first reported to the Tomcat security team on 11 Dec 2008 and
+       made public on 8 Jun 2009.</p>
+
     <p>Affects: 6.0.0-6.0.18</p>
 
     <p>
@@ -578,6 +622,9 @@
        <a href="http://svn.apache.org/viewvc?rev=742915&amp;view=rev">
        revision 742915</a>.</p>
 
+    <p>This was first reported to the Tomcat security team on 26 Jan 2009 and
+       made public on 3 Jun 2009.</p>
+
     <p>Affects: 6.0.0-6.0.18</p>
 
     <p>
@@ -595,6 +642,9 @@
        <a href="http://svn.apache.org/viewvc?rev=747840&amp;view=rev">
        revision 747840</a>.</p>
 
+    <p>This was first reported to the Tomcat security team on 25 Feb 2009 and
+       made public on 3 Jun 2009.</p>
+
     <p>Affects: 6.0.0-6.0.18</p>
        
     <p>
@@ -611,6 +661,9 @@
        <a href="http://svn.apache.org/viewvc?rev=750924&amp;view=rev">
        revision 750924</a>.</p>
 
+    <p>This was first reported to the Tomcat security team on 5 Mar 2009 and
+       made public on 3 Jun 2009.</p>
+
     <p>Affects: 6.0.0-6.0.18</p>
 
     <p>
@@ -634,6 +687,9 @@
        <a href="http://svn.apache.org/viewvc?rev=739522&amp;view=rev">
        739522</a>.</p>
 
+    <p>This was first reported to the Tomcat security team on 2 Mar 2009 and
+       made public on 4 Jun 2009.</p>
+
     <p>Affects: 6.0.0-6.0.18</p>
        
   </blockquote>

Modified: tomcat/site/trunk/docs/security-7.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-7.html?rev=1045265&r1=1045264&r2=1045265&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-7.html (original)
+++ tomcat/site/trunk/docs/security-7.html Mon Dec 13 17:59:40 2010
@@ -201,10 +201,10 @@
 <a href="#Apache_Tomcat_7.x_vulnerabilities">Apache Tomcat 7.x vulnerabilities</a>
 </li>
 <li>
-<a href="#Fixed_in_Apache_Tomcat_7.0.5">Fixed in Apache Tomcat 7.0.5</a>
+<a href="#Fixed_in_Apache_Tomcat_7.0.5_(released_1_Dec_2010)">Fixed in Apache Tomcat 7.0.5 (released 1 Dec 2010)</a>
 </li>
 <li>
-<a href="#Fixed_in_Apache_Tomcat_7.0.2">Fixed in Apache Tomcat 7.0.2</a>
+<a href="#Fixed_in_Apache_Tomcat_7.0.2_(released_11_Aug_2010)">Fixed in Apache Tomcat 7.0.2 (released 11 Aug 2010)</a>
 </li>
 <li>
 <a href="#Not_a_vulnerability_in_Tomcat">Not a vulnerability in Tomcat</a>
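Review bot: Both table-of-contents targets change in this hunk, from `#Fixed_in_Apache_Tomcat_7.0.5` to `#Fixed_in_Apache_Tomcat_7.0.5_(released_1_Dec_2010)` and likewise for 7.0.2, so any existing deep link to the old fragments stops resolving. In security-5.html and security-6.html this same commit keeps the date out of the fragment and shows it in a separate right-aligned cell. Doing the same here would leave the old fragments valid.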
@@ -261,11 +261,11 @@
 <tr>
 <td bgcolor="#525D76">
 <font color="#ffffff" face="arial,helvetica,sanserif">
-<a name="Fixed in Apache Tomcat 7.0.5">
+<a name="Fixed in Apache Tomcat 7.0.5 (released 1 Dec 2010)">
 <!--()-->
 </a>
-<a name="Fixed_in_Apache_Tomcat_7.0.5">
-<strong>Fixed in Apache Tomcat 7.0.5</strong>
+<a name="Fixed_in_Apache_Tomcat_7.0.5_(released_1_Dec_2010)">
+<strong>Fixed in Apache Tomcat 7.0.5 (released 1 Dec 2010)</strong>
 </a>
 </font>
 </td>
@@ -290,6 +290,9 @@
        <a href="http://svn.apache.org/viewvc?rev=1037778&amp;view=rev">
        revision 1037778</a>.</p>
 
+    <p>This was first reported to the Tomcat security team on 15 Nov 2010 and
+       made public on 22 Nov 2010.</p>
+
     <p>Affects: 7.0.0-7.0.4</p>
   
   </blockquote>
@@ -306,11 +309,11 @@
 <tr>
 <td bgcolor="#525D76">
 <font color="#ffffff" face="arial,helvetica,sanserif">
-<a name="Fixed in Apache Tomcat 7.0.2">
+<a name="Fixed in Apache Tomcat 7.0.2 (released 11 Aug 2010)">
 <!--()-->
 </a>
-<a name="Fixed_in_Apache_Tomcat_7.0.2">
-<strong>Fixed in Apache Tomcat 7.0.2</strong>
+<a name="Fixed_in_Apache_Tomcat_7.0.2_(released_11_Aug_2010)">
+<strong>Fixed in Apache Tomcat 7.0.2 (released 11 Aug 2010)</strong>
 </a>
 </font>
 </td>
@@ -346,6 +349,9 @@
        <a href="http://svn.apache.org/viewvc?rev=958911&amp;view=rev">
        revision 958911</a>.</p>
        
+    <p>This was first reported to the Tomcat security team on 14 Jun 2010 and
+       made public on 9 Jul 2010.</p>
+
     <p>Affects: 7.0.0</p>
 
   </blockquote>

Modified: tomcat/site/trunk/xdocs/security-5.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-5.xml?rev=1045265&r1=1045264&r2=1045265&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-5.xml (original)
+++ tomcat/site/trunk/xdocs/security-5.xml Mon Dec 13 17:59:40 2010
@@ -46,7 +46,7 @@
   </section>
  -->
 
-  <section name="Fixed in Apache Tomcat 5.5.30">
+  <section name="Fixed in Apache Tomcat 5.5.30" rtext="released 9 Jul 2010">
   
     <p><strong>Important: Remote Denial Of Service and Information Disclosure
        Vulnerability</strong>
@@ -64,6 +64,9 @@
        <a href="http://svn.apache.org/viewvc?rev=959428&amp;view=rev">
        revision 959428</a>.</p>
        
+    <p>This was first reported to the Tomcat security team on 14 Jun 2010 and
+       made public on 9 Jul 2010.</p>
+
     <p>Affects: 5.5.0-5.5.29</p>
 
     <p><strong>Low: Information disclosure in authentication headers</strong>
@@ -84,11 +87,14 @@
        <a href="http://svn.apache.org/viewvc?rev=936541&amp;view=rev">
        revision 936541</a>.</p>
        
+    <p>This was first reported to the Tomcat security team on 31 Dec 2009 and
+       made public on 21 Apr 2010.</p>
+
     <p>Affects: 5.5.0-5.5.29</p>
 
   </section>
 
-  <section name="Fixed in Apache Tomcat 5.5.29">
+  <section name="Fixed in Apache Tomcat 5.5.29" rtext="released 20 Apr 2010">
   
     <p><strong>Low: Arbitrary file deletion and/or alteration on deploy</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2693">
@@ -103,6 +109,9 @@
        <a href="http://svn.apache.org/viewvc?rev=902650&amp;view=rev">
        revision 902650</a>.</p>
        
+    <p>This was first reported to the Tomcat security team on 30 Jul 2009 and
+       made public on 1 Mar 2010.</p>
+
     <p>Affects: 5.5.0-5.5.28</p>
 
     <p><strong>Low: Insecure partial deploy after failed deploy</strong>
@@ -122,6 +131,9 @@
        <a href="http://svn.apache.org/viewvc?rev=902650&amp;view=rev">
        revision 902650</a>.</p>
        
+    <p>This was first reported to the Tomcat security team on 30 Jul 2009 and
+       made public on 1 Mar 2010.</p>
+
     <p>Affects: 5.5.0-5.5.28 (Windows only)</p>
     
     <p><strong>Low: Unexpected file deletion in work directory</strong>
@@ -138,6 +150,9 @@
        <a href="http://svn.apache.org/viewvc?rev=902650&amp;view=rev">
        revision 902650</a>.</p>
        
+    <p>This was first reported to the Tomcat security team on 30 Jul 2009 and
+       made public on 1 Mar 2010.</p>
+
     <p>Affects: 5.5.0-5.5.28</p>
 
     <p><strong>Low: Insecure default password</strong>
@@ -151,12 +166,15 @@
 
     <p>Affects: 5.5.0-5.5.28</p>
 
+    <p>This was first reported to the Tomcat security team on 26 Oct 2009 and
+       made public on 9 Nov 2009.</p>
+
     <p>This was fixed in
        <a href="http://svn.apache.org/viewvc?rev=919006&amp;view=rev">
        revision 919006</a>.</p>
   </section>
 
-  <section name="Fixed in Apache Tomcat 5.5.28">
+  <section name="Fixed in Apache Tomcat 5.5.28" rtext="released 4 Sep 2009">
     <p><strong>Important: Information Disclosure</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515">
        CVE-2008-5515</a></p>
@@ -173,6 +191,9 @@
        <a href="http://svn.apache.org/viewvc?rev=783291&amp;view=rev">
        revision 783291</a>.</p>
 
+    <p>This was first reported to the Tomcat security team on 11 Dec 2008 and
+       made public on 8 Jun 2009.</p>
+
     <p>Affects: 5.5.0-5.5.27</p>
 
     <p><strong>Important: Denial of Service</strong>
@@ -190,6 +211,9 @@
        <a href="http://svn.apache.org/viewvc?rev=781362&amp;view=rev">
        revision 781362</a>.</p>
 
+    <p>This was first reported to the Tomcat security team on 26 Jan 2009 and
+       made public on 3 Jun 2009.</p>
+
     <p>Affects: 5.5.0-5.5.27</p>
  
     <p><strong>low: Information disclosure</strong>
@@ -207,6 +231,9 @@
        <a href="http://svn.apache.org/viewvc?rev=781379&amp;view=rev">
        revision 781379</a>.</p>
 
+    <p>This was first reported to the Tomcat security team on 25 Feb 2009 and
+       made public on 3 Jun 2009.</p>
+
     <p>Affects: 5.5.0-5.5.27 (Memory Realm), 5.5.0-5.5.5 (DataSource and JDBC
        Realms)</p>
        
@@ -222,6 +249,9 @@
        <a href="http://svn.apache.org/viewvc?rev=750928&amp;view=rev">
        revision 750928</a>.</p>
 
+    <p>This was first reported to the Tomcat security team on 5 Mar 2009 and
+       made public on 3 Jun 2009.</p>
+
     <p>Affects: 5.5.0-5.5.27</p>
 
     <p><strong>low: Information disclosure</strong>
@@ -243,6 +273,9 @@
        <a href="http://svn.apache.org/viewvc?rev=781542&amp;view=rev">
        781542</a>.</p>
 
+    <p>This was first reported to the Tomcat security team on 2 Mar 2009 and
+       made public on 4 Jun 2009.</p>
+
     <p>Affects: 5.5.0-5.5.27</p>
        
   </section>

Modified: tomcat/site/trunk/xdocs/security-6.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?rev=1045265&r1=1045264&r2=1045265&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-6.xml (original)
+++ tomcat/site/trunk/xdocs/security-6.xml Mon Dec 13 17:59:40 2010
@@ -30,7 +30,7 @@
 
   </section>
 
-  <section name="Fixed in SVN for Apache Tomcat 6.0.30 (not yet released)">
+  <section name="Fixed in SVN for Apache Tomcat 6.0.30" rtext="not yet released">
   
       <p><strong>moderate: Cross-site scripting</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4172">
@@ -44,11 +44,14 @@
        <a href="http://svn.apache.org/viewvc?rev=1037779&amp;view=rev">
        revision 1037779</a>.</p>
 
+    <p>This was first reported to the Tomcat security team on 15 Nov 2010 and
+       made public on 22 Nov 2010.</p>
+
     <p>Affects: 6.0.12-6.0.29</p>
   
   </section>
 
-  <section name="Fixed in Apache Tomcat 6.0.28">
+  <section name="Fixed in Apache Tomcat 6.0.28" rtext="released 9 Jul 2010">
   
     <p><strong>Important: Remote Denial Of Service and Information Disclosure
        Vulnerability</strong>
@@ -66,6 +69,9 @@
        <a href="http://svn.apache.org/viewvc?rev=958977&amp;view=rev">
        revision 958977</a>.</p>
        
+    <p>This was first reported to the Tomcat security team on 14 Jun 2010 and
+       made public on 9 Jul 2010.</p>
+
     <p>Affects: 6.0.0-6.0.27</p>
 
     <p><i>Note: The issue below was fixed in Apache Tomcat 6.0.27 but the
@@ -92,11 +98,14 @@
        <a href="http://svn.apache.org/viewvc?rev=936540&amp;view=rev">
        revision 936540</a>.</p>
 
+    <p>This was first reported to the Tomcat security team on 31 Dec 2009 and
+       made public on 21 Apr 2010.</p>
+
     <p>Affects: 6.0.0-6.0.26</p>
        
   </section>
 
-  <section name="Fixed in Apache Tomcat 6.0.24">
+  <section name="Fixed in Apache Tomcat 6.0.24" rtext="released 21 Jan 2010">
       <p><i>Note: These issues were fixed in Apache Tomcat 6.0.21 but the
          release votes for the 6.0.21, 6.0.22 and 6.0.23 release candidates did
          not pass. Therefore, although users must download 6.0.24 to obtain a
@@ -116,6 +125,9 @@
        <a href="http://svn.apache.org/viewvc?rev=892815&amp;view=rev">
        revision 892815</a>.</p>
        
+    <p>This was first reported to the Tomcat security team on 30 Jul 2009 and
+       made public on 1 Mar 2010.</p>
+
     <p>Affects: 6.0.0-6.0.20</p>
 
     <p><strong>Low: Insecure partial deploy after failed deploy</strong>
@@ -135,6 +147,9 @@
        <a href="http://svn.apache.org/viewvc?rev=892815&amp;view=rev">
        revision 892815</a>.</p>
        
+    <p>This was first reported to the Tomcat security team on 30 Jul 2009 and
+       made public on 1 Mar 2010.</p>
+
     <p>Affects: 6.0.0-6.0.20 (Windows only)</p>
     
     <p><strong>Low: Unexpected file deletion in work directory</strong>
@@ -151,6 +166,9 @@
        <a href="http://svn.apache.org/viewvc?rev=892815&amp;view=rev">
        revision 892815</a>.</p>
        
+    <p>This was first reported to the Tomcat security team on 30 Jul 2009 and
+       made public on 1 Mar 2010.</p>
+
     <p>Affects: 6.0.0-6.0.20</p>
     
     <p><strong>Low: Insecure default password</strong>
@@ -166,11 +184,14 @@
        <a href="http://svn.apache.org/viewvc?rev=881771&amp;view=rev">
        revision 881771</a>.</p>
 
+    <p>This was first reported to the Tomcat security team on 26 Oct 2009 and
+       made public on 9 Nov 2009.</p>
+
     <p>Affects: 6.0.0-6.0.20</p>
 
   </section>
 
-  <section name="Fixed in Apache Tomcat 6.0.20">
+  <section name="Fixed in Apache Tomcat 6.0.20" rtext="released 3 Jun 2009">
     <p><i>Note: These issues were fixed in Apache Tomcat 6.0.19 but the release
        vote for that release candidate did not pass. Therefore, although users
        must download 6.0.20 to obtain a version that includes fixes for these
@@ -190,6 +211,9 @@
        <a href="http://svn.apache.org/viewvc?rev=734734&amp;view=rev">
        revision 734734</a>.</p>
 
+    <p>This was first reported to the Tomcat security team on 11 Dec 2008 and
+       made public on 8 Jun 2009.</p>
+
     <p>Affects: 6.0.0-6.0.18</p>
 
     <p><strong>Important: Denial of Service</strong>
@@ -207,6 +231,9 @@
        <a href="http://svn.apache.org/viewvc?rev=742915&amp;view=rev">
        revision 742915</a>.</p>
 
+    <p>This was first reported to the Tomcat security team on 26 Jan 2009 and
+       made public on 3 Jun 2009.</p>
+
     <p>Affects: 6.0.0-6.0.18</p>
 
     <p><strong>low: Information disclosure</strong>
@@ -222,6 +249,9 @@
        <a href="http://svn.apache.org/viewvc?rev=747840&amp;view=rev">
        revision 747840</a>.</p>
 
+    <p>This was first reported to the Tomcat security team on 25 Feb 2009 and
+       made public on 3 Jun 2009.</p>
+
     <p>Affects: 6.0.0-6.0.18</p>
        
     <p><strong>low: Cross-site scripting</strong>
@@ -236,6 +266,9 @@
        <a href="http://svn.apache.org/viewvc?rev=750924&amp;view=rev">
        revision 750924</a>.</p>
 
+    <p>This was first reported to the Tomcat security team on 5 Mar 2009 and
+       made public on 3 Jun 2009.</p>
+
     <p>Affects: 6.0.0-6.0.18</p>
 
     <p><strong>low: Information disclosure</strong>
@@ -257,6 +290,9 @@
        <a href="http://svn.apache.org/viewvc?rev=739522&amp;view=rev">
        739522</a>.</p>
 
+    <p>This was first reported to the Tomcat security team on 2 Mar 2009 and
+       made public on 4 Jun 2009.</p>
+
     <p>Affects: 6.0.0-6.0.18</p>
        
   </section>

Modified: tomcat/site/trunk/xdocs/security-7.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-7.xml?rev=1045265&r1=1045264&r2=1045265&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-7.xml (original)
+++ tomcat/site/trunk/xdocs/security-7.xml Mon Dec 13 17:59:40 2010
@@ -25,7 +25,7 @@
        <a href="mailto:security@tomcat.apache.org">Tomcat Security Team</a>.</p>
   </section>
 
-  <section name="Fixed in Apache Tomcat 7.0.5">
+  <section name="Fixed in Apache Tomcat 7.0.5 (released 1 Dec 2010)">
   
       <p><strong>low: Cross-site scripting</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4172">
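Review bot: The release date is folded into the section `name` here, whereas xdocs/security-5.xml and xdocs/security-6.xml in this commit carry it in a separate `rtext` attribute. Suggest `<section name="Fixed in Apache Tomcat 7.0.5" rtext="released 1 Dec 2010">`, and the same for the 7.0.2 section in the next hunk, so the three pages are marked up alike and the date stays out of the generated anchor name.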
@@ -40,11 +40,14 @@
        <a href="http://svn.apache.org/viewvc?rev=1037778&amp;view=rev">
        revision 1037778</a>.</p>
 
+    <p>This was first reported to the Tomcat security team on 15 Nov 2010 and
+       made public on 22 Nov 2010.</p>
+
     <p>Affects: 7.0.0-7.0.4</p>
   
   </section>
 
-  <section name="Fixed in Apache Tomcat 7.0.2">
+  <section name="Fixed in Apache Tomcat 7.0.2 (released 11 Aug 2010)">
   
     <p><i>Note: The issue below was fixed in Apache Tomcat 7.0.1 but the
        release vote for the 7.0.1 release candidate did not pass. Therefore,
@@ -68,6 +71,9 @@
        <a href="http://svn.apache.org/viewvc?rev=958911&amp;view=rev">
        revision 958911</a>.</p>
        
+    <p>This was first reported to the Tomcat security team on 14 Jun 2010 and
+       made public on 9 Jul 2010.</p>
+
     <p>Affects: 7.0.0</p>
 
   </section>


