
Accepted tomcat8 8.5.54-0+deb9u7 (source) into oldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 05 Aug 2021 20:01:42 +0200
Source: tomcat8
Binary: tomcat8-common tomcat8 tomcat8-user libtomcat8-java libtomcat8-embed-java libservlet3.1-java libservlet3.1-java-doc tomcat8-admin tomcat8-examples tomcat8-docs
Architecture: source
Version: 8.5.54-0+deb9u7
Distribution: stretch-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libservlet3.1-java - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API classes
 libservlet3.1-java-doc - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API documenta
 libtomcat8-embed-java - Apache Tomcat 8 - Servlet and JSP engine -- embed libraries
 libtomcat8-java - Apache Tomcat 8 - Servlet and JSP engine -- core libraries
 tomcat8    - Apache Tomcat 8 - Servlet and JSP engine
 tomcat8-admin - Apache Tomcat 8 - Servlet and JSP engine -- admin web application
 tomcat8-common - Apache Tomcat 8 - Servlet and JSP engine -- common files
 tomcat8-docs - Apache Tomcat 8 - Servlet and JSP engine -- documentation
 tomcat8-examples - Apache Tomcat 8 - Servlet and JSP engine -- example web applicati
 tomcat8-user - Apache Tomcat 8 - Servlet and JSP engine -- tools to create user
Changes:
 tomcat8 (8.5.54-0+deb9u7) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2021-30640:
     A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to
     authenticate using variations of a valid user name and/or to bypass some of
     the protection provided by the LockOut Realm.
   * Fix CVE-2021-33037:
     Apache Tomcat did not correctly parse the HTTP transfer-encoding request
     header in some circumstances, leading to the possibility of request
     smuggling when used with a reverse proxy. Specifically:
     - Tomcat incorrectly ignored the transfer encoding header if the client
       declared it would only accept an HTTP/1.0 response;
     - Tomcat honoured the identity encoding; and
     - Tomcat did not ensure that, if present, the chunked encoding was the
       final encoding.
Checksums-Sha1:
 95acf56ed6bae14b880ee0db136eadb9ded990e8 3101 tomcat8_8.5.54-0+deb9u7.dsc
 16425009d02faf726c138b9355fa615f4841cfe7 56184 tomcat8_8.5.54-0+deb9u7.debian.tar.xz
 707148b9225a461f71f78fb13a4588078e7a432b 14694 tomcat8_8.5.54-0+deb9u7_amd64.buildinfo
Checksums-Sha256:
 b527c66d72a9d98aca0d6f0cb33baa23fd2738fbb9e44380b534bd020c7deda1 3101 tomcat8_8.5.54-0+deb9u7.dsc
 a5131d359562855bd7606d483d240850036add7a171d6f4aef0e6d6e02184b0b 56184 tomcat8_8.5.54-0+deb9u7.debian.tar.xz
 bb4c9cfaedf539aa5739557f85a5692e1050a84c848de6cb99022c2c4974eac7 14694 tomcat8_8.5.54-0+deb9u7_amd64.buildinfo
Files:
 d301aefcfd3b6e66c810975770320fff 3101 java optional tomcat8_8.5.54-0+deb9u7.dsc
 330257f5e01e38d3fa11192fabad395f 56184 java optional tomcat8_8.5.54-0+deb9u7.debian.tar.xz
 4625ad3a96a551ef32de9e136e021f0f 14694 java optional tomcat8_8.5.54-0+deb9u7_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----
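
The three parsing conditions listed under CVE-2021-33037 in the changelog above, written as a strict request check. This is an added example, not code from Tomcat or from the Debian patch; the function names, the refuse-on-any-finding policy and the sample requests are assumptions constructed for illustration.

```python
"""Added example: strict Transfer-Encoding checks (not Tomcat or Debian code)."""


def transfer_codings(headers):
    """Flatten every Transfer-Encoding header line into one ordered list of codings."""
    codings = []
    for name, value in headers:
        if name.strip().lower() != "transfer-encoding":
            continue
        for item in value.split(","):
            token = item.split(";", 1)[0].strip().lower()  # drop coding parameters
            if token:
                codings.append(token)
    return codings


def smuggling_findings(http_version, headers):
    """Return the reasons a server behind a reverse proxy should refuse the request."""
    codings = transfer_codings(headers)
    findings = []
    if not codings:
        return findings
    # Case 1: the header must not be silently ignored for an HTTP/1.0 client.
    if http_version.strip().upper() == "HTTP/1.0":
        findings.append("transfer-encoding on HTTP/1.0 request")
    # Case 2: the identity coding must not be honoured.
    if "identity" in codings:
        findings.append("identity coding")
    # Case 3: if chunked is present, it must be the final coding.
    if "chunked" in codings and codings[-1] != "chunked":
        findings.append("chunked is not the final coding")
    return findings


# Constructed sample requests (protocol version, header list); not captured traffic.
SAMPLES = [
    ("HTTP/1.1", [("Host", "example.test"), ("Transfer-Encoding", "chunked")]),
    ("HTTP/1.0", [("Transfer-Encoding", "chunked"), ("Content-Length", "4")]),
    ("HTTP/1.1", [("Transfer-Encoding", "identity")]),
    ("HTTP/1.1", [("Transfer-Encoding", "chunked"), ("transfer-encoding", "gzip")]),
    ("HTTP/1.1", [("Transfer-Encoding", "gzip, Chunked")]),
]

if __name__ == "__main__":
    for version, headers in SAMPLES:
        findings = smuggling_findings(version, headers)
        print(version, headers, "->", findings or "accept")
```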

