Return-Path: 
 <dev-return-116287-apmail-tomcat-dev-archive=tomcat.apache.org@tomcat.apache.org>
X-Original-To: apmail-tomcat-dev-archive@www.apache.org
Delivered-To: apmail-tomcat-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 82C3F4EE2
	for <apmail-tomcat-dev-archive@www.apache.org>;
 Tue, 17 May 2011 12:41:55 +0000 (UTC)
Received: (qmail 48867 invoked by uid 500); 17 May 2011 12:41:54 -0000
Delivered-To: apmail-tomcat-dev-archive@tomcat.apache.org
Received: (qmail 48804 invoked by uid 500); 17 May 2011 12:41:54 -0000
Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@tomcat.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@tomcat.apache.org>
List-Post: <mailto:dev@tomcat.apache.org>
List-Id: <dev.tomcat.apache.org>
Reply-To: "Tomcat Developers List" <dev@tomcat.apache.org>
Delivered-To: mailing list dev@tomcat.apache.org
Received: (qmail 48795 invoked by uid 99); 17 May 2011 12:41:54 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 17 May 2011 12:41:54 +0000
X-ASF-Spam-Status: No, hits=-2000.0 required=5.0
	tests=ALL_TRUSTED
X-Spam-Check-By: apache.org
Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 17 May 2011 12:41:53 +0000
Received: by eris.apache.org (Postfix, from userid 65534)
	id 5182423888EA; Tue, 17 May 2011 12:41:33 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r1104200 - in /tomcat/site/trunk: docs/security-7.html
 xdocs/security-7.xml
Date: Tue, 17 May 2011 12:41:33 -0000
To: dev@tomcat.apache.org
From: markt@apache.org
X-Mailer: svnmailer-1.0.8
Message-Id: <20110517124133.5182423888EA@eris.apache.org>

Author: markt
Date: Tue May 17 12:41:32 2011
New Revision: 1104200

URL: http://svn.apache.org/viewvc?rev=1104200&view=rev
Log:
Update for 7.0.14 release

Modified:
    tomcat/site/trunk/docs/security-7.html
    tomcat/site/trunk/xdocs/security-7.xml

Modified: tomcat/site/trunk/docs/security-7.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-7.html?rev=1104200&r1=1104199&r2=1104200&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-7.html (original)
+++ tomcat/site/trunk/docs/security-7.html Tue May 17 12:41:32 2011
@@ -215,6 +215,9 @@
 <a href="#Apache_Tomcat_7.x_vulnerabilities">Apache Tomcat 7.x vulnerabilities</a>
 </li>
 <li>
+<a href="#Fixed_in_Apache_Tomcat_7.0.14_(released_12_May_2011)">Fixed in Apache Tomcat 7.0.14 (released 12 May 2011)</a>
+</li>
+<li>
 <a href="#Fixed_in_Apache_Tomcat_7.0.12_(released_6_Apr_2011)">Fixed in Apache Tomcat 7.0.12 (released 6 Apr 2011)</a>
 </li>
 <li>
@@ -290,6 +293,53 @@
 <tr>
 <td bgcolor="#525D76">
 <font color="#ffffff" face="arial,helvetica,sanserif">
+<a name="Fixed in Apache Tomcat 7.0.14 (released 12 May 2011)">
+<!--()-->
+</a>
+<a name="Fixed_in_Apache_Tomcat_7.0.14_(released_12_May_2011)">
+<strong>Fixed in Apache Tomcat 7.0.14 (released 12 May 2011)</strong>
+</a>
+</font>
+</td>
+</tr>
+<tr>
+<td>
+<p>
+<blockquote>
+
+    <p>
+<strong>Important: Security constraint bypass</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1582">
+       CVE-2011-1582</a>
+</p>
+
+    <p>An error in the fixes for CVE-2011-1088/CVE-2011-1183 meant that security
+       constraints configured via annotations were ignored on the first request
+       to a Servlet. Subsequent requests were secured correctly.</p>
+
+    <p>This was fixed in
+       <a href="http://svn.apache.org/viewvc?rev=1100832&amp;view=rev">
+       revision 1100832</a>.</p>
+
+    <p>This was identified by the Tomcat security team on 13 April 2011 and
+       made public on 17 May 2011.</p>
+
+    <p>Affects: 7.0.12-7.0.13</p>
+  
+  </blockquote>
+</p>
+</td>
+</tr>
+<tr>
+<td>
+<br/>
+</td>
+</tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2" width="100%">
+<tr>
+<td bgcolor="#525D76">
+<font color="#ffffff" face="arial,helvetica,sanserif">
 <a name="Fixed in Apache Tomcat 7.0.12 (released 6 Apr 2011)">
 <!--()-->
 </a>

Modified: tomcat/site/trunk/xdocs/security-7.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-7.xml?rev=1104200&r1=1104199&r2=1104200&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-7.xml (original)
+++ tomcat/site/trunk/xdocs/security-7.xml Tue May 17 12:41:32 2011
@@ -25,6 +25,27 @@
        <a href="mailto:security@tomcat.apache.org">Tomcat Security Team</a>.</p>
   </section>
 
+  <section name="Fixed in Apache Tomcat 7.0.14 (released 12 May 2011)">
+
+    <p><strong>Important: Security constraint bypass</strong>
+       <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1582">
+       CVE-2011-1582</a></p>
+
+    <p>An error in the fixes for CVE-2011-1088/CVE-2011-1183 meant that security
+       constraints configured via annotations were ignored on the first request
+       to a Servlet. Subsequent requests were secured correctly.</p>
+
+    <p>This was fixed in
+       <a href="http://svn.apache.org/viewvc?rev=1100832&amp;view=rev">
+       revision 1100832</a>.</p>
+
+    <p>This was identified by the Tomcat security team on 13 April 2011 and
+       made public on 17 May 2011.</p>
+
+    <p>Affects: 7.0.12-7.0.13</p>
+  
+  </section>
+
   <section name="Fixed in Apache Tomcat 7.0.12 (released 6 Apr 2011)">
 
     <p><strong>Important: Information disclosure</strong>



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org