ports/154787: [maintainer-update] [patch] www/tomcat55: update to 5.5.33, security vulnerability addressed

Jason Helfman jhelfman at FreeBSD.org
Mon Feb 14 22:50:08 UTC 2011


>Number:         154787
>Category:       ports
>Synopsis:       [maintainer-update] [patch] www/tomcat55: update to 5.5.33, security vulnerability addressed
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Mon Feb 14 22:50:07 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Jason Helfman
>Release:        FreeBSD 8.1-RELEASE i386
>Organization:
Experts Exchange, LLC.
>Environment:
System: FreeBSD eggman.experts-exchange.com 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Mon Jul 19 02:55:53 UTC 2010 root at almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386


	
>Description:
update tomcat55 to 5.5.33
built clean in tinderbox

http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.32

low: Cross-site scripting CVE-2011-0013

The HTML Manager interface displayed web application provided data, such as display names, without filtering. A malicious web application could trigger script execution by an administrative user when viewing the manager pages.

This was fixed in revision 1057518.

This was identified by the Tomcat security team on 12 Nov 2010 and made public on 5 Feb 2011.

Affects: 5.5.0-5.5.31

>How-To-Repeat:
	
>Fix:

Index: www/tomcat55/Makefile
===================================================================
RCS file: /home/jhelfman/ncvs/ports/www/tomcat55/Makefile,v
retrieving revision 1.57
diff -u -r1.57 Makefile
--- www/tomcat55/Makefile	8 Jan 2011 19:16:08 -0000	1.57
+++ www/tomcat55/Makefile	14 Feb 2011 20:32:46 -0000
@@ -6,8 +6,7 @@
 #
 
 PORTNAME=	tomcat
-PORTVERSION=	5.5.31
-PORTREVISION=	1
+PORTVERSION=	5.5.33
 CATEGORIES=	www java
 MASTER_SITES=	${MASTER_SITE_APACHE}
 MASTER_SITE_SUBDIR=	tomcat/tomcat-5/v${PORTVERSION}/bin
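Review bot: The PORTVERSION change to 5.5.33 is submitted as a security update for CVE-2011-0013, yet the patch touches only Makefile and distinfo and includes no VuXML entry, so installed 5.5.31 packages will not be flagged by vulnerability audit tooling. Suggest adding a security/vuxml entry covering the affected range 5.5.0-5.5.31 given in the description and naming the CVE in the commit log. Dropping PORTREVISION together with the version bump is correct.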
Index: www/tomcat55/distinfo
===================================================================
RCS file: /home/jhelfman/ncvs/ports/www/tomcat55/distinfo,v
retrieving revision 1.26
diff -u -r1.26 distinfo
--- www/tomcat55/distinfo	12 Dec 2010 01:09:28 -0000	1.26
+++ www/tomcat55/distinfo	14 Feb 2011 20:33:11 -0000
@@ -1,2 +1,2 @@
-SHA256 (apache-tomcat-5.5.31.tar.gz) = 9f02f47d2cf351bcff4c0d013a253c965ad0cc0fc0305d086f2f653022ccfa82
-SIZE (apache-tomcat-5.5.31.tar.gz) = 8277017
+SHA256 (apache-tomcat-5.5.33.tar.gz) = 47990518069cdffba2b8787a022bb7eacc4086d1432b2bf1da4e1ae4dfa2bc81
+SIZE (apache-tomcat-5.5.33.tar.gz) = 8205713
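Review bot: The new SHA256 and SIZE lines for apache-tomcat-5.5.33.tar.gz cannot be validated from this PR alone, and distinfo is what pins the tarball every user will fetch. Before committing, regenerate the file with make makesum from a tarball checked against the Apache-published signature or checksum and confirm the result matches these two values. The tinderbox build mentioned in the description shows only that the submitter's download matches the submitter's own distinfo, not that it is the upstream release.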
>Release-Note:
>Audit-Trail:
>Unformatted:


