Date: Thu, 10 Oct 2002 15:51:09 -0700 (PDT)
From: Ernst de Haan <znerd@FreeBSD.org>
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: ports/www/jakarta-tomcat4 Makefile distinfo pkg-plist
Message-ID: <200210102251.g9AMp9kW070891@freefall.freebsd.org>

znerd       2002/10/10 15:51:09 PDT

  Modified files:
    www/jakarta-tomcat4  Makefile distinfo pkg-plist
  Log:
  Upgrade to Tomcat 4.0.6, released on 9 October 2002. From the News & Status
  page:

  A security vulnerability has been confirmed to exist in Apache Tomcat 4.0.x
  releases (including Tomcat 4.0.5), which allows to use a specially crafted
  URL to return the unprocessed source of a JSP page, or, under special
  circumstances, a static resource which would otherwise have been protected
  by security constraint, without the need for being properly authenticated.
  This is based on a variant of the exploit that was disclosed on 09/24/2002.

  See:
  http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.6/RELEASE-NOTES

  Revision  Changes    Path
  1.43      +1 -2      ports/www/jakarta-tomcat4/Makefile
  1.9       +1 -1      ports/www/jakarta-tomcat4/distinfo
  1.18      +497 -93   ports/www/jakarta-tomcat4/pkg-plist

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message