Posted to dev@tomcat.apache.org by kk...@apache.org on 2011/09/23 01:26:54 UTC

svn commit: r1174450 - in /tomcat/site/trunk: docs/security-5.html docs/security-6.html xdocs/security-5.xml xdocs/security-6.xml

Author: kkolinko
Date: Thu Sep 22 23:26:54 2011
New Revision: 1174450

URL: http://svn.apache.org/viewvc?rev=1174450&view=rev
Log:
Rearranged entries in "not in Tomcat" section in security-5.xml: newer ones are at the top.
Added Tomcat release numbers when a workaround was provided.

Modified:
    tomcat/site/trunk/docs/security-5.html
    tomcat/site/trunk/docs/security-6.html
    tomcat/site/trunk/xdocs/security-5.xml
    tomcat/site/trunk/xdocs/security-6.xml

Modified: tomcat/site/trunk/docs/security-5.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?rev=1174450&r1=1174449&r2=1174450&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-5.html (original)
+++ tomcat/site/trunk/docs/security-5.html Thu Sep 22 23:26:54 2011
@@ -1702,7 +1702,8 @@
     </p>
 
     <p>A work-around for this JVM bug was provided in 
-       <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1066318">revision 1066318</a>.</p>
+       <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1066318">revision 1066318</a>.
+       This work-around is included in Tomcat 5.5.33 onwards.</p>
 
     <p>This was first reported to the Tomcat security team on 01 Feb 2011 and
        made public on 31 Jan 2011.</p>
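Review bot: The unchanged sentence right after the added line gives a report date (01 Feb 2011) that is later than the public date (31 Jan 2011), which reads like a typo now that this paragraph is being edited. If the issue really was public before it reached the security team, reword the sentence to say so, for example "made public on 31 Jan 2011 and reported to the Tomcat security team on 01 Feb 2011". The same sentence appears in the context of the security-6.html hunk and of both xdocs hunks.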
@@ -1742,21 +1743,7 @@
     <p>A workaround was implemented in
        <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=904851">revision 904851</a>
        that provided the new <code>allowUnsafeLegacyRenegotiation</code>
-       attribute. This work around will be included in Tomcat 5.5.29 onwards.</p>
-
-    <p>
-<strong>JavaMail information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1754" rel="nofollow">CVE-2005-1754</a>
-</p>
-    <p>The vulnerability described is in the web application deployed on Tomcat
-       rather than in Tomcat.</p>
-
-    <p>
-<strong>JavaMail information disclosure</strong>
-       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1753" rel="nofollow">CVE-2005-1753</a>
-</p>
-    <p>The vulnerability described is in the web application deployed on Tomcat
-       rather than in Tomcat.</p>
+       attribute. This work around is included in Tomcat 5.5.29 onwards.</p>
 
     <p>
 <strong>important: Directory traversal</strong>
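Review bot: The rewritten line spells the noun "work around", while the context three lines above it uses "workaround" and the sentence added in the previous hunk uses "work-around". Pick one spelling for the lines this commit adds or rewrites so the page can be searched with a single term.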
@@ -1790,6 +1777,20 @@
        encoding issues that may still exist in the JVM. This work around is
        included in Tomcat 5.5.27 onwards.</p>
 
+    <p>
+<strong>JavaMail information disclosure</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1754" rel="nofollow">CVE-2005-1754</a>
+</p>
+    <p>The vulnerability described is in the web application deployed on Tomcat
+       rather than in Tomcat.</p>
+
+    <p>
+<strong>JavaMail information disclosure</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1753" rel="nofollow">CVE-2005-1753</a>
+</p>
+    <p>The vulnerability described is in the web application deployed on Tomcat
+       rather than in Tomcat.</p>
+
   </blockquote>
 </p>
 </td>
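Review bot: The two re-added entries are identical apart from the CVE id: same title "JavaMail information disclosure" and same one-sentence body, so a reader cannot tell what separates CVE-2005-1754 from CVE-2005-1753. Since the block is being moved anyway, either merge them into one entry that carries both CVE links or give each a short phrase of its own.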

Modified: tomcat/site/trunk/docs/security-6.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=1174450&r1=1174449&r2=1174450&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-6.html (original)
+++ tomcat/site/trunk/docs/security-6.html Thu Sep 22 23:26:54 2011
@@ -1504,7 +1504,8 @@
     </p>
 
     <p>A work-around for this JVM bug was provided in 
-       <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1066315">revision 1066315</a>.</p>
+       <a href="http://svn.apache.org/viewvc?view=rev&amp;rev=1066315">revision 1066315</a>.
+       This work-around is included in Tomcat 6.0.32 onwards.</p>
 
     <p>This was first reported to the Tomcat security team on 01 Feb 2011 and
        made public on 31 Jan 2011.</p>

Modified: tomcat/site/trunk/xdocs/security-5.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-5.xml?rev=1174450&r1=1174449&r2=1174450&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-5.xml (original)
+++ tomcat/site/trunk/xdocs/security-5.xml Thu Sep 22 23:26:54 2011
@@ -773,7 +773,8 @@
     </p>
 
     <p>A work-around for this JVM bug was provided in 
-       <revlink rev="1066318">revision 1066318</revlink>.</p>
+       <revlink rev="1066318">revision 1066318</revlink>.
+       This work-around is included in Tomcat 5.5.33 onwards.</p>
 
     <p>This was first reported to the Tomcat security team on 01 Feb 2011 and
        made public on 31 Jan 2011.</p>
@@ -811,17 +812,7 @@
     <p>A workaround was implemented in
        <revlink rev="904851">revision 904851</revlink>
        that provided the new <code>allowUnsafeLegacyRenegotiation</code>
-       attribute. This work around will be included in Tomcat 5.5.29 onwards.</p>
-
-    <p><strong>JavaMail information disclosure</strong>
-       <cve>CVE-2005-1754</cve></p>
-    <p>The vulnerability described is in the web application deployed on Tomcat
-       rather than in Tomcat.</p>
-
-    <p><strong>JavaMail information disclosure</strong>
-       <cve>CVE-2005-1753</cve></p>
-    <p>The vulnerability described is in the web application deployed on Tomcat
-       rather than in Tomcat.</p>
+       attribute. This work around is included in Tomcat 5.5.29 onwards.</p>
 
     <p><strong>important: Directory traversal</strong>
        <cve>CVE-2008-2938</cve></p>
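Review bot: The replacement line also changes "will be included" to "is included", which the log message does not mention; the log only describes the reordering and the added release numbers. Because that wording change sits in the same hunk as the removal of the JavaMail entries it is easy to miss, so mention it in the log or commit it separately.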
@@ -853,6 +844,16 @@
        encoding issues that may still exist in the JVM. This work around is
        included in Tomcat 5.5.27 onwards.</p>
 
+    <p><strong>JavaMail information disclosure</strong>
+       <cve>CVE-2005-1754</cve></p>
+    <p>The vulnerability described is in the web application deployed on Tomcat
+       rather than in Tomcat.</p>
+
+    <p><strong>JavaMail information disclosure</strong>
+       <cve>CVE-2005-1753</cve></p>
+    <p>The vulnerability described is in the web application deployed on Tomcat
+       rather than in Tomcat.</p>
+
   </section>
 
 </body>
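Review bot: The ordering rule from the log message ("newer ones are at the top") is applied here by placing the 2005 entries last, just before </section>, but nothing in the added lines records that rule. If the section does not already state it, add an XML comment at the head of the section so later entries are inserted in the right place.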

Modified: tomcat/site/trunk/xdocs/security-6.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?rev=1174450&r1=1174449&r2=1174450&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-6.xml (original)
+++ tomcat/site/trunk/xdocs/security-6.xml Thu Sep 22 23:26:54 2011
@@ -719,7 +719,8 @@
     </p>
 
     <p>A work-around for this JVM bug was provided in 
-       <revlink rev="1066315">revision 1066315</revlink>.</p>
+       <revlink rev="1066315">revision 1066315</revlink>.
+       This work-around is included in Tomcat 6.0.32 onwards.</p>
 
     <p>This was first reported to the Tomcat security team on 01 Feb 2011 and
        made public on 31 Jan 2011.</p>


