Accepted tomcat8 8.5.54-0+deb9u8 (source) into oldoldstable
Format: 1.8
Date: Wed, 22 Sep 2021 21:46:16 +0200
Source: tomcat8
Binary: tomcat8-common tomcat8 tomcat8-user libtomcat8-java libtomcat8-embed-java libservlet3.1-java libservlet3.1-java-doc tomcat8-admin tomcat8-examples tomcat8-docs
Architecture: source
Version: 8.5.54-0+deb9u8
Distribution: stretch-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
libservlet3.1-java - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API classes
libservlet3.1-java-doc - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API documenta
libtomcat8-embed-java - Apache Tomcat 8 - Servlet and JSP engine -- embed libraries
libtomcat8-java - Apache Tomcat 8 - Servlet and JSP engine -- core libraries
tomcat8 - Apache Tomcat 8 - Servlet and JSP engine
tomcat8-admin - Apache Tomcat 8 - Servlet and JSP engine -- admin web application
tomcat8-common - Apache Tomcat 8 - Servlet and JSP engine -- common files
tomcat8-docs - Apache Tomcat 8 - Servlet and JSP engine -- documentation
tomcat8-examples - Apache Tomcat 8 - Servlet and JSP engine -- example web applicati
tomcat8-user - Apache Tomcat 8 - Servlet and JSP engine -- tools to create user
Changes:
tomcat8 (8.5.54-0+deb9u8) stretch-security; urgency=high
.
* Team upload.
* CVE-2021-30640: Fix NullPointerException.
If no userRoleAttribute is specified in the user's Realm configuration, its
default value will be null. This will cause an NPE in the methods
doFilterEscaping and doAttributeValueEscaping. This is upstream bug
https://bz.apache.org/bugzilla/show_bug.cgi?id=65308
* Fix CVE-2021-41079:
Apache Tomcat did not properly validate incoming TLS packets. When Tomcat
was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially
crafted packet could be used to trigger an infinite loop resulting in a
denial of service.