
Accepted tomcat9 9.0.43-2~deb11u1 (source) into testing-proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 08 Aug 2021 15:19:44 +0200
Source: tomcat9
Architecture: source
Version: 9.0.43-2~deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Closes: 991046
Changes:
 tomcat9 (9.0.43-2~deb11u1) bullseye-security; urgency=medium
 .
   * Team upload.
   * Rebuild for bullseye-security.
 .
 tomcat9 (9.0.43-2) unstable; urgency=medium
 .
   * Team upload.
 .
   [ mirabilos ]
   * fix /var/log/tomcat9 permissions
     fixup for commit 51128fe9fb2d4d0b56be675d845cf92e4301a6c3
 .
   [ Markus Koschany ]
   * Fix CVE-2021-30640:
     A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to
     authenticate using variations of a valid user name and/or to bypass some of
     the protection provided by the LockOut Realm.
   * Fix CVE-2021-33037:
     Apache Tomcat did not correctly parse the HTTP transfer-encoding request
     header in some circumstances leading to the possibility of request
     smuggling when used with a reverse proxy. Specifically: - Tomcat
     incorrectly ignored the transfer encoding header if the client declared it
     would only accept an HTTP/1.0 response; - Tomcat honoured the identity
     encoding; and - Tomcat did not ensure that, if present, the chunked
     encoding was the final encoding.
     (Closes: #991046)



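The three Transfer-Encoding cases listed under CVE-2021-33037 above, written as a strict request-framing check. This is an added example, not code from Tomcat or from the Debian package; the function names and the sample requests are constructed for illustration, and the rules follow RFC 7230 section 3.3.3.

```python
def parse_codings(values):
    """Flatten Transfer-Encoding header values into lowercase coding names."""
    return [item.split(";", 1)[0].strip().lower()
            for value in values for item in value.split(",") if item.strip()]


def request_framing(version, headers):
    """Decide how a request body is framed; ValueError means answer 400.

    version: e.g. "HTTP/1.0"; deliberately not consulted (first case).
    headers: list of (name, value) pairs as received.
    """
    te = [v for k, v in headers if k.lower() == "transfer-encoding"]
    if te:
        codings = parse_codings(te)
        # Second case: "identity" is not a valid transfer coding (RFC 7230).
        if "identity" in codings:
            raise ValueError("identity transfer coding rejected")
        # Third case: chunked must appear exactly once and be the final coding.
        if codings.count("chunked") != 1 or codings[-1] != "chunked":
            raise ValueError("chunked must be the final transfer coding")
        return ("chunked", None)  # Transfer-Encoding overrides Content-Length
    lengths = {v.strip() for k, v in headers if k.lower() == "content-length"}
    if len(lengths) > 1 or any(not (v.isascii() and v.isdigit()) for v in lengths):
        raise ValueError("invalid or conflicting Content-Length")
    return ("length", int(lengths.pop())) if lengths else ("none", 0)


# Constructed sample requests (not captured traffic).
SAMPLES = [
    ("HTTP/1.0", [("Transfer-Encoding", "chunked"), ("Content-Length", "4")]),
    ("HTTP/1.1", [("Transfer-Encoding", "identity"), ("Content-Length", "4")]),
    ("HTTP/1.1", [("Transfer-Encoding", "chunked, gzip")]),
    ("HTTP/1.1", [("Transfer-Encoding", "gzip, chunked")]),
    ("HTTP/1.1", [("Content-Length", "4")]),
]


def classify(samples):
    """Return the framing decision, or the 400 reason, for each sample."""
    out = []
    for version, headers in samples:
        try:
            out.append(request_framing(version, headers)[0])
        except ValueError as exc:
            out.append("400: " + str(exc))
    return out


if __name__ == "__main__":
    for line in classify(SAMPLES):
        print(line)
```

A reverse proxy and the back end stay in agreement only if both apply the same decision to each of these requests, so the same samples are useful as regression inputs on either side.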