[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Accepted tomcat8 8.5.54-0+deb9u8 (source) into oldoldstable

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 22 Sep 2021 21:46:16 +0200
Source: tomcat8
Binary: tomcat8-common tomcat8 tomcat8-user libtomcat8-java libtomcat8-embed-java libservlet3.1-java libservlet3.1-java-doc tomcat8-admin tomcat8-examples tomcat8-docs
Architecture: source
Version: 8.5.54-0+deb9u8
Distribution: stretch-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libservlet3.1-java - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API classes
 libservlet3.1-java-doc - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API documenta
 libtomcat8-embed-java - Apache Tomcat 8 - Servlet and JSP engine -- embed libraries
 libtomcat8-java - Apache Tomcat 8 - Servlet and JSP engine -- core libraries
 tomcat8    - Apache Tomcat 8 - Servlet and JSP engine
 tomcat8-admin - Apache Tomcat 8 - Servlet and JSP engine -- admin web application
 tomcat8-common - Apache Tomcat 8 - Servlet and JSP engine -- common files
 tomcat8-docs - Apache Tomcat 8 - Servlet and JSP engine -- documentation
 tomcat8-examples - Apache Tomcat 8 - Servlet and JSP engine -- example web applicati
 tomcat8-user - Apache Tomcat 8 - Servlet and JSP engine -- tools to create user
Changes:
 tomcat8 (8.5.54-0+deb9u8) stretch-security; urgency=high
 .
   * Team upload.
   * CVE-2021-30640: Fix NullPointerException.
     If no userRoleAttribute is specified in the user's Realm configuration its
     default value will be null. This will cause a NPE in the methods
     doFilterEscaping and doAttributeValueEscaping. This is upstream bug
     https://bz.apache.org/bugzilla/show_bug.cgi?id=65308
   * Fix CVE-2021-41079:
     Apache Tomcat did not properly validate incoming TLS packets. When Tomcat
     was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially
     crafted packet could be used to trigger an infinite loop resulting in a
     denial of service.
Checksums-Sha1:
 147b6d9908e2f62d2fcda4ebaa5f1306b06c56c2 3101 tomcat8_8.5.54-0+deb9u8.dsc
 8560a7b225a264da06de3bc1bd64b14d7327a15c 56976 tomcat8_8.5.54-0+deb9u8.debian.tar.xz
 a65885a46e10988e57157c659cea7839b05ba652 14702 tomcat8_8.5.54-0+deb9u8_amd64.buildinfo
Checksums-Sha256:
 461c9afd9d508cd2367f259a5955c8512488d47f19bb65c81df9ad011ffdfd45 3101 tomcat8_8.5.54-0+deb9u8.dsc
 07b0b2f40e161617618a505262a770529cff2e2e5770e26e3ac178ec7f27a290 56976 tomcat8_8.5.54-0+deb9u8.debian.tar.xz
 d70ca1320cea70d4c455d347dd84311eba33ee56cfc8e2e73bfd4aa893f7518b 14702 tomcat8_8.5.54-0+deb9u8_amd64.buildinfo
Files:
 566d10148d578b047410d4e9eb001b83 3101 java optional tomcat8_8.5.54-0+deb9u8.dsc
 6e530cd7f3553d5ac3c16aba655712a7 56976 java optional tomcat8_8.5.54-0+deb9u8.debian.tar.xz
 b1392b85fa6cf502c3ed0fea486436c1 14702 java optional tomcat8_8.5.54-0+deb9u8_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmFLlQlfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkFi0P+gLPiKpgDkNixajE6fVBg0vGtPJtUpgalStm
NBeFk8jirBxAyVX5zU+x9OrCgYHDyq3Kxlhw3z+RWtjyUCnVktidiQ+oavfE5xMJ
KGDSLpJm0geJc8wrYMtLAIsTKK0UOPBCQ9a3An5bl4CBgeDoKRL4pP9+FEqWfB/P
E8bMrJPA0v9Tv+bwomYso1K/vl+V/UPRXG7bUzc/xZ5oYS2upwVaXb/iEYc0hdpA
EibdcCrraSrWZ0ItBva9jgMPNKboFXADLNZ0jTxfWLspdDOQ1XKSUqKIKtNhSKKD
TFm6sqekqkOEBy0DXPD9sGVIys+Dhl3rQNPdTSwZcz2IxjbggFoArRlHSXCMhdWO
xXf2t6cg3nF3+t5SlUtm7In8paw33wC3E340hAeHSYr3abc6ODCXwRojK74b1t2P
zZEUo5RBr3TmrhnSECqIWu1C8yQG50J12O9/6u/NRzL1C9JHYPxlxatKFRCNqSpH
3Qd2RJt/WeMCge/NJC4XFSsAo2Fz8QXdvxNJ8++KF04YIAWeQNX3//mdDmkxM4UT
CM6cFBMxHpx6otRNn55ght+oKFQyrNl23K1wvgZzIbWQB0Cp/mwtPUFxbnPZxGzP
+moVkC05PKe18lZHLR9hjmtBN9DvLT65I22E/ZvXVH3xxGCJBsIEjzr2LiW99+Zl
J0BIhZHn
=ZuYj
-----END PGP SIGNATURE-----
Reply to: