tomcat9_9.0.31-1~deb10u3_source.changes ACCEPTED into proposed-updates->stable-new, proposed-updates

Debian FTP Masters ftpmaster at ftp-master.debian.org
Sat Jan 23 15:47:16 GMT 2021



Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 19 Jan 2021 23:31:47 +0100
Source: tomcat9
Architecture: source
Version: 9.0.31-1~deb10u3
Distribution: buster-security
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
Changed-By: Emmanuel Bourg <ebourg at apache.org>
Changes:
 tomcat9 (9.0.31-1~deb10u3) buster-security; urgency=medium
 .
   * Fixed CVE-2020-13943: HTTP/2 request mix-up. If an HTTP/2 client exceeded
     the agreed maximum number of concurrent streams for a connection (in
     violation of the HTTP/2 protocol), it was possible that a subsequent
     request made on that connection could contain HTTP headers - including
     HTTP/2 pseudo headers - from a previous request rather than the intended
     headers. This could lead to users seeing responses for unexpected resources.
   * Fixed CVE-2020-17527: HTTP/2 request header mix-up. It was discovered that
     Apache Tomcat could re-use an HTTP request header value from the previous
     stream received on an HTTP/2 connection for the request associated with
     the subsequent stream. While this would most likely lead to an error and
     the closure of the HTTP/2 connection, it is possible that information could
     leak between requests.
Checksums-Sha1:
 6114a33281ca0e9c8daef2f238aa13184383b66a 2763 tomcat9_9.0.31-1~deb10u3.dsc
 106fff92ae4a0b0f476a73af35995b13629aa2d3 39344 tomcat9_9.0.31-1~deb10u3.debian.tar.xz
 f90a3487965b9a8338c09e91b9509b62eddc1dd9 13688 tomcat9_9.0.31-1~deb10u3_source.buildinfo
Checksums-Sha256:
 df98580df659a893e6fe497d980a7e3f241c375e10eac5d779b8eb6210040279 2763 tomcat9_9.0.31-1~deb10u3.dsc
 16bbaf0a16099840cb3d170a6b979a7435c750c9341d93db66b5b9d0148449fa 39344 tomcat9_9.0.31-1~deb10u3.debian.tar.xz
 c26321445f77c133cfbec102a8590117911afff3bfde4eecca9b66f223247c54 13688 tomcat9_9.0.31-1~deb10u3_source.buildinfo
Files:
 00ee74e5e4b2fb5eea31ec7ccb6f07b8 2763 java optional tomcat9_9.0.31-1~deb10u3.dsc
 4e45476fc03ee09ca0c9470b074f97d3 39344 java optional tomcat9_9.0.31-1~deb10u3.debian.tar.xz
 2aede94c0609d28c4580242c3262373a 13688 java optional tomcat9_9.0.31-1~deb10u3_source.buildinfo

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----


Thank you for your contribution to Debian.


