Accepted tomcat7 7.0.28-4+deb7u3 (source all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 11 Jan 2016 12:38:23 +0100
Source: tomcat7
Binary: tomcat7-common tomcat7 tomcat7-user libtomcat7-java libservlet3.0-java libservlet3.0-java-doc tomcat7-admin tomcat7-examples tomcat7-docs
Architecture: source all
Version: 7.0.28-4+deb7u3
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Emmanuel Bourg <ebourg@apache.org>
Description:
libservlet3.0-java - Servlet 3.0 and JSP 2.2 Java API classes
libservlet3.0-java-doc - Servlet 3.0 and JSP 2.2 Java API documentation
libtomcat7-java - Servlet and JSP engine -- core libraries
tomcat7 - Servlet and JSP engine
tomcat7-admin - Servlet and JSP engine -- admin web applications
tomcat7-common - Servlet and JSP engine -- common files
tomcat7-docs - Servlet and JSP engine -- documentation
tomcat7-examples - Servlet and JSP engine -- example web applications
tomcat7-user - Servlet and JSP engine -- tools to create user instances
Changes:
tomcat7 (7.0.28-4+deb7u3) wheezy-security; urgency=high
.
* Team upload.
* Fixed CVE-2014-7810: Malicious web applications could use expression
language to bypass the protections of a Security Manager as expressions
were evaluated within a privileged code section.
* Fixed CVE-2014-0099: Check for overflow when parsing the request content
length header. This exposed a request smuggling vulnerability when Tomcat
was located behind a reverse proxy that correctly processed the content
length header.
* Fixed CVE-2013-4444: Remove serialization support from FileItem to prevent
a remote code execution vulnerability in very limited circumstances.
* Fixed CVE-2014-0075: Malformed chunk size as part of a chunked request
could enable the streaming of an unlimited amount of data to the server,
bypassing the various size limits enforced on a request. This enabled
a denial of service attack.
* Fixed CVE-2014-0227: Add an error flag in ChunkedInputFilter to allow
subsequent attempts at reading after an error to fail fast. This prevents
remote attackers from conducting HTTP request smuggling attacks or causing
a denial of service by streaming data with malformed chunked requests.
* Fixed CVE-2014-0230: Add a new limit for the amount of data Tomcat will
swallow for an aborted upload. This prevents remote attackers from causing
a denial of service (thread consumption) via a series of aborted upload
attempts.
Checksums-Sha1:
Checksums-Sha256:
Files:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----