Accepted tomcat-native 1.2.12-2+deb9u1 (source amd64) into proposed-updates->stable-new, proposed-updates

Markus Koschany apo at debian.org
Fri Feb 23 11:34:59 UTC 2018


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 11 Feb 2018 21:16:59 +0100
Source: tomcat-native
Binary: libtcnative-1
Architecture: source amd64
Version: 1.2.12-2+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
Changed-By: Markus Koschany <apo at debian.org>
Description:
 libtcnative-1 - Tomcat native library using the Apache Portable Runtime
Changes:
 tomcat-native (1.2.12-2+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2017-15698:
     When parsing the AIA-Extension field of a client certificate, Apache Tomcat
     Native did not correctly handle fields longer than 127 bytes. The result of
     the parsing error was to skip the OCSP check. It was therefore possible for
     client certificates that should have been rejected (if the OCSP check had
     been made) to be accepted. Users not using OCSP checks are not affected by
     this vulnerability.
Checksums-Sha1:
 be17a29b087add8aa1e0a8f6f5bcace54f76c29e 2229 tomcat-native_1.2.12-2+deb9u1.dsc
 62f457aa9af54825f2ca6e9791f06e1b012c2a2f 243776 tomcat-native_1.2.12.orig.tar.xz
 010d31000e3c1aeb8a08fc01a7945852368de35f 5608 tomcat-native_1.2.12-2+deb9u1.debian.tar.xz
 4de2009e3fab0db50010f5cab42b80dc2d46c7f8 355582 libtcnative-1-dbgsym_1.2.12-2+deb9u1_amd64.deb
 c4258813ad09aaf3e61aab7e9c3d4f017e191ea1 83966 libtcnative-1_1.2.12-2+deb9u1_amd64.deb
 3936edad453a6dd4630bad9295ea5aa511bbe81c 10946 tomcat-native_1.2.12-2+deb9u1_amd64.buildinfo
Checksums-Sha256:
 d460c0cb4d747592ac882a8c672e66bb9e6ba895e1800ac4e475fbf961235a23 2229 tomcat-native_1.2.12-2+deb9u1.dsc
 ddd59cdfa34331524c6a95605fa7f5077887d6cb14f4c663eec69102ec48b73a 243776 tomcat-native_1.2.12.orig.tar.xz
 16f0f00d78da10e4c924601fae4e428f0cf702b37dbd096c216c289a8b7c0ae5 5608 tomcat-native_1.2.12-2+deb9u1.debian.tar.xz
 6d4b218f8db69acc0ec483b17719d102ab4bb7b9938902c1ff3e5d459004d6fa 355582 libtcnative-1-dbgsym_1.2.12-2+deb9u1_amd64.deb
 dc96dc44a1346aec905d1e057fae91c25b1efe76ba059bfd55aecde603bcc979 83966 libtcnative-1_1.2.12-2+deb9u1_amd64.deb
 a701fff40409c864755d75bd82dd0544bc70391d556296be51e22d77b76c8515 10946 tomcat-native_1.2.12-2+deb9u1_amd64.buildinfo
Files:
 e1bd09c397e5736b47b2ca8f7b031968 2229 java extra tomcat-native_1.2.12-2+deb9u1.dsc
 5b7c3866cbc0a037f727a1a698522e59 243776 java extra tomcat-native_1.2.12.orig.tar.xz
 c7310345203ee05d909c84bc77542dd3 5608 java extra tomcat-native_1.2.12-2+deb9u1.debian.tar.xz
 b3033eb1727717e52fa0441964f5117f 355582 debug extra libtcnative-1-dbgsym_1.2.12-2+deb9u1_amd64.deb
 2156d7c6cafd900a3d38bf78d94f7a95 83966 java extra libtcnative-1_1.2.12-2+deb9u1_amd64.deb
 7e35405ff9efc8e2b10aa9348eb25c45 10946 java extra tomcat-native_1.2.12-2+deb9u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlqBpPdfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkxLMP/jNzrfyzWPDXuYOggiAwTqI7GOy2jLzuQss3
xiKdP0IwBgA7eMi6HKmxdf7dwUi5cWYU8VPhq0BzPoPFJ0Fi2iuZQ22Ywidcfqjp
95YYgVTYiWAR8JgMV8xYdyFHnomAOc90uio5uoSYTzWPZWDTe7ol3CEfAFh+6zdn
3mGBdfds00yuqHPJ1g+hosEaQcW/q4kj1/6jqfSIStohdHmgmYioZjGyyfwGfDXG
HJbnsySjB8JOKSIu/HgHqTJYDEGXpl7V1Jt/Hg/LOwslUh1B31NuW4bBd2g/w0Jo
cDgTXoH1SGfpQjUrxiwKBZfMmBngUIjl/jHLrvC3VcSWYdtOe6X9X9Ha4FYkmTza
yuvjPqXO3YMntMaFlsU/0KmvsohsIkXqNLLUZPNuCzfRkgruwHe0idzf8LDSXzsb
6bE+qim4l0XLV+7rN8dIyCrskUWPLuPk/wyox0BpnLyNZxbAXLDRXEYHIpbBdi6E
GPEPKUu46Ue6SS/tJ7zCjRviyhvD1eC0LeCD88UhthziQLp2y1CTTLTnf0H6FmEk
ZP8j52X7XAOr7ymf57ghvM2Arv20V8FkVTwQXiH12o4qpvow/999xa/HVRCL/UFr
RDMmj43PuL4OETipnwQaEi8Z7yn2b7Cm5uH9u6P8rGOVBV+H0L/06r1jK1bBz30A
hOKdFjLz
=reHr
-----END PGP SIGNATURE-----




More information about the pkg-java-maintainers mailing list