[SECURITY] Fedora 12 Update: tomcat6-6.0.26-3.fc12

updates at fedoraproject.org updates at fedoraproject.org
Mon Nov 1 20:55:02 UTC 2010 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-16248
2010-10-14 06:01:21
--------------------------------------------------------------------------------

Name        : tomcat6
Product     : Fedora 12
Version     : 6.0.26
Release     : 3.fc12
URL         : http://tomcat.apache.org/
Summary     : Apache Servlet/JSP Engine, RI for Servlet 2.5/JSP 2.1 API
Description :
Tomcat is the servlet container that is used in the official Reference
Implementation for the Java Servlet and JavaServer Pages technologies.
The Java Servlet and JavaServer Pages specifications are developed by
Sun under the Java Community Process.

Tomcat is developed in an open and participatory environment and
released under the Apache Software License version 2.0. Tomcat is intended
to be a collaboration of the best-of-breed developers from around the world.

--------------------------------------------------------------------------------
Update Information:

* Includes security fix for cve-2010-2227. 
* Package updated to new upstream version tomcat-6.0.26
* commons-dbcp-tomcat5, commons-collections-tomcat5, and commons-pool-tomcat5 have been dropped in favor of commons-collections, commons-pool, and commons-dbcp
* Directory permissions fixed
* tomcat user shell fixed

--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 12 2010 David Knox <dknox at redhat.com> 0:6.0.26-3
- resolves: rhbz#641102
* Thu Oct  7 2010 David Knox <dknox at redhat.com> 0:6.0.26-1
- copied spec and patches from f13 to bring f12 up to date
- with all tomcat6 fedora.
* Mon Oct  4 2010 David Knox <dknox at redhat.com> 0:6.0.26-10
- ant-nodeps is breaking the build. Put ant-nodeps on the 
- OPT_JAR_LIST
* Fri Oct  1 2010 David Knox <dknox at rehat.com> 0:6.0.26-9
- Resolves rhbz#575341 - Additionally created instances of Tomcat 
- are broken
* Fri Jul  2 2010 David Knox <dknox at rehat.com> 0:6.0.26-8
- LSB initscript compliance
* Thu Jul  1 2010 David Knox <dknox at redhat.com> 0:6.0.26-7
- Made elspec the standard for elspec %post and %postun.
* Tue Jun 29 2010 David Knox <dknox at redhat.com> 0:6.0.26-6
- Completed package and file sections. Added el-spec. Fixed
- directory permission problems.
* Thu May  6 2010 David Knox <dknox at redhat.com> 0:6.0.26-5
- Working on 589145. Tomcat can't find java compiler for java.
* Thu Apr  8 2010 David Knox <dknox at redhat.com> 0:6.0.26-4
- Moved build-jar-repository to later in the install process.
* Tue Apr  6 2010 David Knox <dknox at redhat.com> 0:6.0.26-3
- Incremented the Release tag to 3 to avoid any confusion about which
- is the most recent
* Tue Apr  6 2010 David Knox <dknox at redhat.com> 0:6.0.26-1
- Solved packaging problems involving taglibs-standard
- Solved packaging problems involving jakarta-commons
- Corrected Requires(post) to Requires and checked companion BuildRequires
* Mon Mar 29 2010 David Knox <dknox at redhat.com> 0:6.0.26-2
- Update source to tomcat6.0.26
- Bugzilla 572357 - Please retest. 
- OSGi manifests for servlet-api and jsp-api
* Fri Mar 26 2010 Mary Ellen Foster <mefoster at gmail.com> 0:6.0.24-2
- Add maven POMs and metadata
- Link tomcat6-juli into /usr/share/java/tomcat6
* Mon Mar  1 2010 Alexander Kurtakov <akurtako at redhat.com> 0:6.0.24-1
- Update to 6.0.24.
* Tue Dec 22 2009 Alexander Kurtakov <akurtako at redhat.com> 0:6.0.20-2
- Drop file requires on /usr/share/java/ecj.jar.
* Mon Nov  9 2009 Alexander Kurtakov <akurtako at redhat.com> 0:6.0.20-1
- Update to 6.0.20. Fixes CVE-2009-0033,CVE-2009-0580.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #612799 - CVE-2010-2227 tomcat: information leak vulnerability in the handling of 'Transfer-Encoding' header
        https://bugzilla.redhat.com/show_bug.cgi?id=612799
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update tomcat6' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list