Bug 154787 - [maintainer-update] [patch] www/tomcat55: update to 5.5.33, security vulnerability addressed
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Wen Heping
 
Reported: 2011-02-14 22:50 UTC by Jason Helfman
Modified: 2011-02-15 08:11 UTC (History)

Attachments
file.diff (1.14 KB, patch)
2011-02-14 22:50 UTC, Jason Helfman

Description Jason Helfman 2011-02-14 22:50:07 UTC
update tomcat55 to 5.5.33
built clean in tinderbox

http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.32

low: Cross-site scripting CVE-2011-0013

The HTML Manager interface displayed web application provided data, such as display names, without filtering. A malicious web application could trigger script execution by an administrative user when viewing the manager pages.

This was fixed in revision 1057518.

This was identified by the Tomcat security team on 12 Nov 2010 and made public on 5 Feb 2011.

Affects: 5.5.0-5.5.31
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2011-02-14 22:50:15 UTC
Class Changed
From-To: maintainer-update->change-request

Fix category (submitter is not maintainer) (via the GNATS Auto Assign Tool)
Comment 2 Edwin Groothuis freebsd_committer freebsd_triage 2011-02-14 22:50:19 UTC
Responsible Changed
From-To: freebsd-ports-bugs->jhelfman

Submitter has GNATS access (via the GNATS Auto Assign Tool)
Comment 3 Edwin Groothuis freebsd_committer freebsd_triage 2011-02-14 22:50:21 UTC
Maintainer of www/tomcat55,

Please note that PR ports/154787 has just been submitted.

If it contains a patch for an upgrade, an enhancement or a bug fix
you agree on, reply to this email stating that you approve the patch
and a committer will take care of it.

The full text of the PR can be found at:
    http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/154787

-- 
Edwin Groothuis via the GNATS Auto Assign Tool
edwin@FreeBSD.org
Comment 4 Edwin Groothuis freebsd_committer freebsd_triage 2011-02-14 22:50:23 UTC
State Changed
From-To: open->feedback

Awaiting maintainers feedback (via the GNATS Auto Assign Tool)
Comment 5 Jason 2011-02-15 05:09:25 UTC
I am uncertain how this happened, as I updated all applicable fields for
email to be jhelfman@experts-exchange.com, however it indicates
jhelfman@freebsd.org.

Can you please update all email addresses to reflect this address?
I am maintainer, and do approve of this.
Thanks!

-- 
Jason Helfman
System Administrator
experts-exchange.com
http://www.experts-exchange.com/M_4830110.html
E4AD 7CF1 1396 27F6 79DD  4342 5E92 AD66 8C8C FBA5
Comment 6 dfilter service freebsd_committer freebsd_triage 2011-02-15 07:22:31 UTC
wen         2011-02-15 07:22:27 UTC

  FreeBSD ports repository

  Modified files:
    www/tomcat55         Makefile distinfo 
  Log:
  - Update to 5.5.33
  
  PR:             ports/154787
  Submitted by:   Jason Helfman <jhelfman@experts-exchange.com> (maintainer)
  
  Revision  Changes    Path
  1.58      +3 -4      ports/www/tomcat55/Makefile
  1.27      +2 -2      ports/www/tomcat55/distinfo
Comment 7 Wen Heping freebsd_committer freebsd_triage 2011-02-15 07:23:30 UTC
State Changed
From-To: feedback->closed

Committed. Thanks!
Comment 8 Mark Linimon freebsd_committer freebsd_triage 2011-02-15 08:10:23 UTC
Responsible Changed
From-To: jhelfman->wen

Fix up bogus email address which led to bogus assignment.