[Git][java-team/tomcat9][buster] Update changelog

Markus Koschany gitlab at salsa.debian.org
Wed Jul 15 12:58:21 BST 2020



Markus Koschany pushed to branch buster at Debian Java Maintainers / tomcat9


Commits:
1ac6d044 by Markus Koschany at 2020-07-15T13:46:06+02:00
Update changelog

- - - - -


1 changed file:

- debian/changelog


Changes:

=====================================
debian/changelog
=====================================
@@ -1,6 +1,8 @@
-tomcat9 (9.0.31-1~deb10u2) buster-security; urgency=medium
+tomcat9 (9.0.31-1~deb10u2) buster-security; urgency=high
 
   * Team upload.
+
+  [ Emmanuel Bourg ]
   * Fixed CVE-2020-13935: WebSocket Denial of Service. The payload length
     in a WebSocket frame was not correctly validated. Invalid payload lengths
     could trigger an infinite loop. Multiple requests with invalid payload
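Review bot: the urgency bump from medium to high on the header line is consistent with the previous security entry for 9.0.31-1~deb10u1 (also urgency=high) and is warranted now that the same changelog entry covers a remote code execution fix; the new `[ Emmanuel Bourg ]` attribution block sits correctly after `* Team upload.`, so the existing CVE-2020-13935 bullet keeps its original author once a second contributor block is added.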
@@ -10,7 +12,26 @@ tomcat9 (9.0.31-1~deb10u2) buster-security; urgency=medium
     sufficient number of such requests were made, an OutOfMemoryException
     could occur leading to a denial of service.
 
- -- Emmanuel Bourg <ebourg at apache.org>  Tue, 14 Jul 2020 22:11:58 +0200
+  [ Markus Koschany ]
+  * Fix CVE-2020-9484:
+    When using Apache Tomcat an attacker is able to control the contents and
+    name of a file on the server; and b) the server is configured to use the
+    PersistenceManager with a FileStore; and c) the PersistenceManager is
+    configured with sessionAttributeValueClassNameFilter="null" (the default
+    unless a SecurityManager is used) or a sufficiently lax filter to allow the
+    attacker provided object to be deserialized; and d) the attacker knows the
+    relative file path from the storage location used by FileStore to the file
+    the attacker has control over; then, using a specifically crafted request,
+    the attacker will be able to trigger remote code execution via
+    deserialization of the file under their control. Note that all of
+    conditions a) to d) must be true for the attack to succeed.
+  * Fix CVE-2020-11996:
+    A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat could
+    trigger high CPU usage for several seconds. If a sufficient number of such
+    requests were made on concurrent HTTP/2 connections, the server could
+    become unresponsive.
+
+ -- Markus Koschany <apo at debian.org>  Wed, 15 Jul 2020 13:43:33 +0200
 
 tomcat9 (9.0.31-1~deb10u1) buster-security; urgency=high
 
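Review bot: the CVE-2020-9484 description lists conditions b), c) and d) but has lost the a) label on its first condition ("When using Apache Tomcat an attacker is able to control the contents and"), while the closing sentence still refers to "conditions a) to d)"; restore the label, e.g. "When using Apache Tomcat if a) an attacker is able to control the contents and". The bullets also switch from "Fixed CVE-2020-13935" in the earlier block to "Fix CVE-2020-9484" / "Fix CVE-2020-11996" here; use one form throughout the entry. A short title after each CVE number, as "WebSocket Denial of Service" gives above, would help readers scanning the changelog: remote code execution via deserialization of a FileStore session file for CVE-2020-9484, and an HTTP/2 denial of service for CVE-2020-11996, matching the descriptions that follow.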



View it on GitLab: https://salsa.debian.org/java-team/tomcat9/-/commit/1ac6d044793df53915acd6abc7e454907cba1cc1
