- fix bnc#793394 - bypass of security constraints (CVE-2012-3546)
* apache-tomcat-CVE-2012-3546.patch
http://svn.apache.org/viewvc?view=revision&revision=1381035
- fix bnc#793391 - bypass of CSRF prevention filter (CVE-2012-4431)
* apache-tomcat-CVE-2012-4431.patch
http://svn.apache.org/viewvc?view=revision&revision=1394456
- document how to protect against slowloris DoS (CVE-2012-5568/bnc#791679)
in README.SUSE
- fixes
bnc#791423 - cnonce tracking weakness (CVE-2012-5885)
bnc#791424 - authentication caching weakness (CVE-2012-5886)
bnc#791426 - stale nonce weakness (CVE-2012-5887)
* apache-tomcat-CVE-2009-2693-CVE-2009-2901-CVE-2009-2902.patch
http://svn.apache.org/viewvc?view=revision&revision=1380829
- fix bnc#789406 - HTTP NIO connector OOM DoS via a request with
large headers (CVE-2012-2733)
* http://svn.apache.org/viewvc?view=revision&revision=1356208
- Submitted by Stefan Lijewski (lijews)