| tomcat5-jasper-5.5.23-0jpp.40.el5_9.x86_64
              [1.1 MiB] | Changelog
              by David Knox (2013-05-23): - Related: CVE-2013-1976 It was found during additional testing
- that the tomcat5 init may fail to start because the user
- shell is set to sbin/nologin. Fixed in init scrip. SU now
- uses -s /bin/sh during startup | 
            | tomcat5-jasper-5.5.23-0jpp.38.el5_9.x86_64
              [1.1 MiB] | Changelog
              by David Knox (2013-02-21): - Resolves: CVE-2012-3439 rhbz#882008 three DIGEST authentication
- implementation
- Resolves: CVE-2012-3546, rhbz#913034 Bypass of security constraints.
- Remove unneeded handling of FORM authentication in RealmBase | 
            | tomcat5-jasper-5.5.23-0jpp.31.el5_8.x86_64
              [1.1 MiB] | Changelog
              by David Knox (2012-03-29): - Resolves: CVE-2012 regression. Changed patch file. | 
            | tomcat5-jasper-5.5.23-0jpp.22.el5_7.x86_64
              [1.1 MiB] | Changelog
              by David Knox (2011-11-08): - Resolves: CVE-2011-0013 rhbz 675931
- Resolves: CVE-2010-3718 rhbz 675931
- Resolves: CVE-2011-1184 rhbz 744983
- Resolves: CVE-2011-2204 rhbz 719181 | 
            | tomcat5-jasper-5.5.23-0jpp.17.el5_6.x86_64
              [1.1 MiB] | Changelog
              by David Knox (2011-02-03): - Resolves: rhbz 674599 JDK Double.parseDouble DoS | 
            | tomcat5-jasper-5.5.23-0jpp.9.el5_5.x86_64
              [1.1 MiB] | Changelog
              by David Knox (2010-07-29): - Resolves: rhbz#619424 fixed servlet-api typo. serve4-api to servlet-api
- RHSA-2010:9748 | 
            | tomcat5-jasper-5.5.23-0jpp.7.el5_3.2.x86_64
              [1.1 MiB] | Changelog
              by Fernando Nasser (2009-06-25): - Actually add the patch files this time
  Resolves: rhbz#427779
  Resolves: rhbz#504758
  Resolves: rhbz#503980
  Resolves: rhbz#504162 | 
            | tomcat5-jasper-5.5.23-0jpp.7.el5_2.1.x86_64
              [1.1 MiB] | Changelog
              by David Walluck (2008-08-22): - add patch for CVE-2008-1232
  Resolves: rhbz#457727
- add patch for CVE-2008-1947
  Resolves: rhbz#449916
- add patch for CVE-2008-2370
  Resolves: rhbz#458634
- add patch for CVE-2008-2938
  Resolves: rhbz#456214 | 
            | tomcat5-jasper-5.5.23-0jpp.3.0.3.el5_1.x86_64
              [1.1 MiB] | Changelog
              by Deepak Bhole (2008-02-27): - Patch for CVE-2007-5342
  Resolves: bz# 427776
- Patch for CVE-2007-5461
  Resolves: bz# 334561 | 
            | tomcat5-jasper-5.5.23-0jpp.3.0.2.el5.x86_64
              [1.1 MiB] | Changelog
              by Fernando Nasser (2007-08-30): From jean-frederic clere <jclere@redhat.com>:
- Patch for CVE-2007-3382 and CVE-2007-3385
  Resolves: rhbz#254155 | 
            | tomcat5-jasper-5.5.23-0jpp.1.0.4.x86_64
              [1.1 MiB] | Changelog
              by Vivek Lakshmanan (2007-06-21): - Remove erroneous rebuild-gcj-db for javadoc subpackage
- Add fixes for CVE-2007-2449 and CVE-2007-2450
- resolves: bug 244846, bug 244816 |