tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ma...@apache.org
Subject svn commit: r1104200 - in /tomcat/site/trunk: docs/security-7.html xdocs/security-7.xml
Date Tue, 17 May 2011 12:41:33 GMT
Author: markt
Date: Tue May 17 12:41:32 2011
New Revision: 1104200

URL: http://svn.apache.org/viewvc?rev=1104200&view=rev
Log:
Update for 7.0.14 release

Modified:
    tomcat/site/trunk/docs/security-7.html
    tomcat/site/trunk/xdocs/security-7.xml

Modified: tomcat/site/trunk/docs/security-7.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-7.html?rev=1104200&r1=1104199&r2=1104200&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-7.html (original)
+++ tomcat/site/trunk/docs/security-7.html Tue May 17 12:41:32 2011
@@ -215,6 +215,9 @@
 <a href="#Apache_Tomcat_7.x_vulnerabilities">Apache Tomcat 7.x vulnerabilities</a>
 </li>
 <li>
+<a href="#Fixed_in_Apache_Tomcat_7.0.14_(released_12_May_2011)">Fixed in Apache Tomcat
7.0.14 (released 12 May 2011)</a>
+</li>
+<li>
 <a href="#Fixed_in_Apache_Tomcat_7.0.12_(released_6_Apr_2011)">Fixed in Apache Tomcat
7.0.12 (released 6 Apr 2011)</a>
 </li>
 <li>
@@ -290,6 +293,53 @@
 <tr>
 <td bgcolor="#525D76">
 <font color="#ffffff" face="arial,helvetica,sanserif">
+<a name="Fixed in Apache Tomcat 7.0.14 (released 12 May 2011)">
+<!--()-->
+</a>
+<a name="Fixed_in_Apache_Tomcat_7.0.14_(released_12_May_2011)">
+<strong>Fixed in Apache Tomcat 7.0.14 (released 12 May 2011)</strong>
+</a>
+</font>
+</td>
+</tr>
+<tr>
+<td>
+<p>
+<blockquote>
+
+    <p>
+<strong>Important: Security constraint bypass</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1582">
+       CVE-2011-1582</a>
+</p>
+
+    <p>An error in the fixes for CVE-2011-1088/CVE-2011-1183 meant that security
+       constraints configured via annotations were ignored on the first request
+       to a Servlet. Subsequent requests were secured correctly.</p>
+
+    <p>This was fixed in
+       <a href="http://svn.apache.org/viewvc?rev=1100832&amp;view=rev">
+       revision 1100832</a>.</p>
+
+    <p>This was identified by the Tomcat security team on 13 April 2011 and
+       made public on 17 May 2011.</p>
+
+    <p>Affects: 7.0.12-7.0.13</p>
+  
+  </blockquote>
+</p>
+</td>
+</tr>
+<tr>
+<td>
+<br/>
+</td>
+</tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<tr>
+<td bgcolor="#525D76">
+<font color="#ffffff" face="arial,helvetica,sanserif">
 <a name="Fixed in Apache Tomcat 7.0.12 (released 6 Apr 2011)">
 <!--()-->
 </a>

Modified: tomcat/site/trunk/xdocs/security-7.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-7.xml?rev=1104200&r1=1104199&r2=1104200&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-7.xml (original)
+++ tomcat/site/trunk/xdocs/security-7.xml Tue May 17 12:41:32 2011
@@ -25,6 +25,27 @@
        <a href="mailto:security@tomcat.apache.org">Tomcat Security Team</a>.</p>
   </section>
 
+  <section name="Fixed in Apache Tomcat 7.0.14 (released 12 May 2011)">
+
+    <p><strong>Important: Security constraint bypass</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1582">
+       CVE-2011-1582</a></p>
+
+    <p>An error in the fixes for CVE-2011-1088/CVE-2011-1183 meant that security
+       constraints configured via annotations were ignored on the first request
+       to a Servlet. Subsequent requests were secured correctly.</p>
+
+    <p>This was fixed in
+       <a href="http://svn.apache.org/viewvc?rev=1100832&amp;view=rev">
+       revision 1100832</a>.</p>
+
+    <p>This was identified by the Tomcat security team on 13 April 2011 and
+       made public on 17 May 2011.</p>
+
+    <p>Affects: 7.0.12-7.0.13</p>
+  
+  </section>
+
   <section name="Fixed in Apache Tomcat 7.0.12 (released 6 Apr 2011)">
 
     <p><strong>Important: Information disclosure</strong>



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message