tomcat9_9.0.43-2_source.changes ACCEPTED into unstable

Debian FTP Masters ftpmaster at ftp-master.debian.org
Sat Aug 7 16:18:28 BST 2021



Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 07 Aug 2021 00:11:43 +0200
Source: tomcat9
Architecture: source
Version: 9.0.43-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
Changed-By: Markus Koschany <apo at debian.org>
Closes: 991046
Changes:
 tomcat9 (9.0.43-2) unstable; urgency=medium
 .
   * Team upload.
 .
   [ mirabilos ]
   * fix /var/log/tomcat9 permissions
     fixup for commit 51128fe9fb2d4d0b56be675d845cf92e4301a6c3
 .
   [ Markus Koschany ]
   * Fix CVE-2021-30640:
     A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to
     authenticate using variations of a valid user name and/or to bypass some of
     the protection provided by the LockOut Realm.
   * Fix CVE-2021-33037:
     Apache Tomcat did not correctly parse the HTTP transfer-encoding request
     header in some circumstances leading to the possibility of request
     smuggling when used with a reverse proxy. Specifically: - Tomcat
     incorrectly ignored the transfer encoding header if the client declared it
     would only accept an HTTP/1.0 response; - Tomcat honoured the identity
     encoding; and - Tomcat did not ensure that, if present, the chunked
     encoding was the final encoding.
     (Closes: #991046)
Checksums-Sha1:
 251269ddf8577c01e26561628d3a1f3c53b74984 2874 tomcat9_9.0.43-2.dsc
 77d3e03fa8893c6c8161c21bf748fcc65e859564 38700 tomcat9_9.0.43-2.debian.tar.xz
 4d591b8a0051e9c0d59f8e5bfa978d33e82c2c6a 13623 tomcat9_9.0.43-2_amd64.buildinfo
Checksums-Sha256:
 f7d0dd30343eb8276215dc3ccdabede693919c23943d66b6c7a5d6c359c1ecca 2874 tomcat9_9.0.43-2.dsc
 199a0169d76f4970f04a9b293ed869f92aa9774e737ff8daa940de1c69ee314a 38700 tomcat9_9.0.43-2.debian.tar.xz
 1cd5e3b39ff4c37fb1f68bd9e0794dc2623001c284d49345e27e614412e0a431 13623 tomcat9_9.0.43-2_amd64.buildinfo
Files:
 8ddb2626f337a8413537f4cd4d785bd7 2874 java optional tomcat9_9.0.43-2.dsc
 e2dc0fc769b45b4dc4a68682c767bc4b 38700 java optional tomcat9_9.0.43-2.debian.tar.xz
 66c4299cf5362c0665218bcf63ef4e08 13623 java optional tomcat9_9.0.43-2_amd64.buildinfo



Thank you for your contribution to Debian.


