Posted to dev@tomcat.apache.org by kk...@apache.org on 2011/09/23 01:26:54 UTC
svn commit: r1174450 - in /tomcat/site/trunk: docs/security-5.html
docs/security-6.html xdocs/security-5.xml xdocs/security-6.xml
Author: kkolinko
Date: Thu Sep 22 23:26:54 2011
New Revision: 1174450
URL: http://svn.apache.org/viewvc?rev=1174450&view=rev
Log:
Rearranged entries in "not in Tomcat" section in security-5.xml: newer ones are at the top.
Added Tomcat release numbers when a workaround was provided.
Modified:
tomcat/site/trunk/docs/security-5.html
tomcat/site/trunk/docs/security-6.html
tomcat/site/trunk/xdocs/security-5.xml
tomcat/site/trunk/xdocs/security-6.xml
Modified: tomcat/site/trunk/docs/security-5.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?rev=1174450&r1=1174449&r2=1174450&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-5.html (original)
+++ tomcat/site/trunk/docs/security-5.html Thu Sep 22 23:26:54 2011
@@ -1702,7 +1702,8 @@
</p>
<p>A work-around for this JVM bug was provided in
- <a href="http://svn.apache.org/viewvc?view=rev&rev=1066318">revision 1066318</a>.</p>
+ <a href="http://svn.apache.org/viewvc?view=rev&rev=1066318">revision 1066318</a>.
+ This work-around is included in Tomcat 5.5.33 onwards.</p>
<p>This was first reported to the Tomcat security team on 01 Feb 2011 and
made public on 31 Jan 2011.</p>
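Review bot: The context sentence directly under the added line gives its dates out of chronological order: "first reported to the Tomcat security team on 01 Feb 2011 and made public on 31 Jan 2011". If the issue really was public a day before it reached the security team, state it in that order (made public on 31 Jan 2011, reported to the team on 01 Feb 2011) so readers do not take it for a typo; otherwise correct the date. The same sentence sits under the matching hunks in security-6.html and in both xdocs files.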
@@ -1742,21 +1743,7 @@
<p>A workaround was implemented in
<a href="http://svn.apache.org/viewvc?view=rev&rev=904851">revision 904851</a>
that provided the new <code>allowUnsafeLegacyRenegotiation</code>
- attribute. This work around will be included in Tomcat 5.5.29 onwards.</p>
-
- <p>
-<strong>JavaMail information disclosure</strong>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1754" rel="nofollow">CVE-2005-1754</a>
-</p>
- <p>The vulnerability described is in the web application deployed on Tomcat
- rather than in Tomcat.</p>
-
- <p>
-<strong>JavaMail information disclosure</strong>
- <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1753" rel="nofollow">CVE-2005-1753</a>
-</p>
- <p>The vulnerability described is in the web application deployed on Tomcat
- rather than in Tomcat.</p>
+ attribute. This work around is included in Tomcat 5.5.29 onwards.</p>
<p>
<strong>important: Directory traversal</strong>
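Review bot: The spelling of the term is inconsistent in the paragraph this hunk edits: it opens with "A workaround was implemented" and the changed line reads "This work around is included", while the lines added next to revision 1066318 use "This work-around is included". Pick one form, for example "workaround", and apply it to all of these sentences, here and in the matching hunk of xdocs/security-5.xml.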
@@ -1790,6 +1777,20 @@
encoding issues that may still exist in the JVM. This work around is
included in Tomcat 5.5.27 onwards.</p>
+ <p>
+<strong>JavaMail information disclosure</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1754" rel="nofollow">CVE-2005-1754</a>
+</p>
+ <p>The vulnerability described is in the web application deployed on Tomcat
+ rather than in Tomcat.</p>
+
+ <p>
+<strong>JavaMail information disclosure</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1753" rel="nofollow">CVE-2005-1753</a>
+</p>
+ <p>The vulnerability described is in the web application deployed on Tomcat
+ rather than in Tomcat.</p>
+
</blockquote>
</p>
</td>
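Review bot: The two relocated entries carry the same title, "JavaMail information disclosure", and the same body text, and differ only in the CVE link (CVE-2005-1754 and CVE-2005-1753). Consider a single entry that lists both CVE ids, or titles that tell the two apart, so a reader scanning the section does not take one for an accidental duplicate. The move also adds a blank line just before </blockquote> that can be dropped.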
Modified: tomcat/site/trunk/docs/security-6.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=1174450&r1=1174449&r2=1174450&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-6.html (original)
+++ tomcat/site/trunk/docs/security-6.html Thu Sep 22 23:26:54 2011
@@ -1504,7 +1504,8 @@
</p>
<p>A work-around for this JVM bug was provided in
- <a href="http://svn.apache.org/viewvc?view=rev&rev=1066315">revision 1066315</a>.</p>
+ <a href="http://svn.apache.org/viewvc?view=rev&rev=1066315">revision 1066315</a>.
+ This work-around is included in Tomcat 6.0.32 onwards.</p>
<p>This was first reported to the Tomcat security team on 01 Feb 2011 and
made public on 31 Jan 2011.</p>
Modified: tomcat/site/trunk/xdocs/security-5.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-5.xml?rev=1174450&r1=1174449&r2=1174450&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-5.xml (original)
+++ tomcat/site/trunk/xdocs/security-5.xml Thu Sep 22 23:26:54 2011
@@ -773,7 +773,8 @@
</p>
<p>A work-around for this JVM bug was provided in
- <revlink rev="1066318">revision 1066318</revlink>.</p>
+ <revlink rev="1066318">revision 1066318</revlink>.
+ This work-around is included in Tomcat 5.5.33 onwards.</p>
<p>This was first reported to the Tomcat security team on 01 Feb 2011 and
made public on 31 Jan 2011.</p>
@@ -811,17 +812,7 @@
<p>A workaround was implemented in
<revlink rev="904851">revision 904851</revlink>
that provided the new <code>allowUnsafeLegacyRenegotiation</code>
- attribute. This work around will be included in Tomcat 5.5.29 onwards.</p>
-
- <p><strong>JavaMail information disclosure</strong>
- <cve>CVE-2005-1754</cve></p>
- <p>The vulnerability described is in the web application deployed on Tomcat
- rather than in Tomcat.</p>
-
- <p><strong>JavaMail information disclosure</strong>
- <cve>CVE-2005-1753</cve></p>
- <p>The vulnerability described is in the web application deployed on Tomcat
- rather than in Tomcat.</p>
+ attribute. This work around is included in Tomcat 5.5.29 onwards.</p>
<p><strong>important: Directory traversal</strong>
<cve>CVE-2008-2938</cve></p>
@@ -853,6 +844,16 @@
encoding issues that may still exist in the JVM. This work around is
included in Tomcat 5.5.27 onwards.</p>
+ <p><strong>JavaMail information disclosure</strong>
+ <cve>CVE-2005-1754</cve></p>
+ <p>The vulnerability described is in the web application deployed on Tomcat
+ rather than in Tomcat.</p>
+
+ <p><strong>JavaMail information disclosure</strong>
+ <cve>CVE-2005-1753</cve></p>
+ <p>The vulnerability described is in the web application deployed on Tomcat
+ rather than in Tomcat.</p>
+
</section>
</body>
Modified: tomcat/site/trunk/xdocs/security-6.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?rev=1174450&r1=1174449&r2=1174450&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-6.xml (original)
+++ tomcat/site/trunk/xdocs/security-6.xml Thu Sep 22 23:26:54 2011
@@ -719,7 +719,8 @@
</p>
<p>A work-around for this JVM bug was provided in
- <revlink rev="1066315">revision 1066315</revlink>.</p>
+ <revlink rev="1066315">revision 1066315</revlink>.
+ This work-around is included in Tomcat 6.0.32 onwards.</p>
<p>This was first reported to the Tomcat security team on 01 Feb 2011 and
made public on 31 Jan 2011.</p>