Date: Mon, 14 Feb 2011 14:46:44 -0800
From: Jason Helfman <jhelfman@FreeBSD.org>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/154787: [maintainer-update] [patch] www/tomcat55: update to 5.5.33, security vulnerability addressed
Message-ID: <1297723604.730336.73405.nullmailer@experts-exchange.com>
Resent-Message-ID: <201102142250.p1EMo8sO026913@freefall.freebsd.org>
>Number: 154787
>Category: ports
>Synopsis: [maintainer-update] [patch] www/tomcat55: update to 5.5.33, security vulnerability addressed
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Mon Feb 14 22:50:07 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Jason Helfman
>Release: FreeBSD 8.1-RELEASE i386
>Organization: Experts Exchange, LLC.
>Environment:
System: FreeBSD eggman.experts-exchange.com 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Mon Jul 19 02:55:53 UTC 2010 root@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
>Description:
update tomcat55 to 5.5.33
built clean in tinderbox

http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.32

low: Cross-site scripting CVE-2011-0013

The HTML Manager interface displayed web application provided data, such as display names, without filtering. A malicious web application could trigger script execution by an administrative user when viewing the manager pages.

This was fixed in revision 1057518.

This was identified by the Tomcat security team on 12 Nov 2010 and made public on 5 Feb 2011.

Affects: 5.5.0-5.5.31
>How-To-Repeat:
>Fix:
Index: www/tomcat55/Makefile =================================================================== RCS file: /home/jhelfman/ncvs/ports/www/tomcat55/Makefile,v retrieving revision 1.57 diff -u -r1.57 Makefile --- www/tomcat55/Makefile 8 Jan 2011 19:16:08 -0000 1.57 +++ www/tomcat55/Makefile 14 Feb 2011 20:32:46 -0000 
@@ -6,8 +6,7 @@ # PORTNAME= tomcat -PORTVERSION= 5.5.31 -PORTREVISION= 1 +PORTVERSION= 5.5.33 CATEGORIES= www java MASTER_SITES= ${MASTER_SITE_APACHE} MASTER_SITE_SUBDIR= tomcat/tomcat-5/v${PORTVERSION}/bin Index: www/tomcat55/distinfo =================================================================== RCS file: /home/jhelfman/ncvs/ports/www/tomcat55/distinfo,v retrieving revision 1.26 diff -u -r1.26 distinfo --- www/tomcat55/distinfo 12 Dec 2010 01:09:28 -0000 1.26 +++ www/tomcat55/distinfo 14 Feb 2011 20:33:11 -0000 @@ -1,2 +1,2 @@ -SHA256 (apache-tomcat-5.5.31.tar.gz) = 9f02f47d2cf351bcff4c0d013a253c965ad0cc0fc0305d086f2f653022ccfa82 -SIZE (apache-tomcat-5.5.31.tar.gz) = 8277017 +SHA256 (apache-tomcat-5.5.33.tar.gz) = 47990518069cdffba2b8787a022bb7eacc4086d1432b2bf1da4e1ae4dfa2bc81 +SIZE (apache-tomcat-5.5.33.tar.gz) = 8205713 >Release-Note: >Audit-Trail: >Unformatted:
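Review bot: In the www/tomcat55/Makefile hunk, the bump to PORTVERSION= 5.5.33 is the only record of the security fix: the patch touches just Makefile and distinfo, so nothing marks 5.5.0-5.5.31 as affected by CVE-2011-0013 for anyone auditing installed ports. Suggest accompanying this with a security/vuxml entry that carries the affected range and the advisory URL from the description. The description also links the "Fixed in Apache Tomcat 5.5.32" section while the port moves to 5.5.33, so the commit message should say that 5.5.33 is the release carrying the fix. Dropping PORTREVISION in the same change as the version bump is correct.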
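Review bot: In the www/tomcat55/distinfo hunk, the new SHA256 and SIZE for apache-tomcat-5.5.33.tar.gz arrive with no statement of how the tarball was authenticated; a checksum generated from a fetched file only pins whatever was downloaded. Before commit, verify the distfile against the PGP signature Apache publishes alongside the release and record in the PR that this was done, which matters more than usual for an update submitted as a security fix.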