tomcat9_9.0.43-2~deb11u2_source.changes ACCEPTED into proposed-updates->stable-new
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Thu Oct 14 21:42:46 BST 2021
Mapping bullseye to stable.
Mapping stable to proposed-updates.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 25 Sep 2021 21:34:00 +0200
Source: tomcat9
Architecture: source
Version: 9.0.43-2~deb11u2
Distribution: bullseye
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
Changed-By: Markus Koschany <apo at debian.org>
Closes: 987179
Changes:
tomcat9 (9.0.43-2~deb11u2) bullseye-security; urgency=high
.
* Team upload.
* CVE-2021-30640: Fix NullPointerException.
If no userRoleAttribute is specified in the user's Realm configuration its
default value will be null. This will cause a NPE in the methods
doFilterEscaping and doAttributeValueEscaping. This is upstream bug
https://bz.apache.org/bugzilla/show_bug.cgi?id=65308
* Set the fileOwner of catalina.out to tomcat explicitly.
Thanks to Adam Cecile for the report. (Closes: #987179)
* Fix CVE-2021-41079:
Apache Tomcat did not properly validate incoming TLS packets. When Tomcat
was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially
crafted packet could be used to trigger an infinite loop resulting in a
denial of service.
Checksums-Sha1:
a27ec0f15a525ee97dd99fa5bf91c37c71661c62 2906 tomcat9_9.0.43-2~deb11u2.dsc
d3db3ecc231ff648ea3678c0bf4a3e97d764592c 39700 tomcat9_9.0.43-2~deb11u2.debian.tar.xz
92042feb2c7f05d782b8760815679d91974e9d86 13842 tomcat9_9.0.43-2~deb11u2_amd64.buildinfo
Checksums-Sha256:
98d55301f6d8e0ce06c1c32363f2f0d13c160ebc6112d824a8edd76d7b89b16d 2906 tomcat9_9.0.43-2~deb11u2.dsc
09d789107102d037ecce90a9dd74d667c2c4acb1239668012794abbbc6867251 39700 tomcat9_9.0.43-2~deb11u2.debian.tar.xz
e68a6748ecb5a31e9c806ec20888bcf0e5d7a9c72618c3ab9fcac8dbe160f710 13842 tomcat9_9.0.43-2~deb11u2_amd64.buildinfo
Files:
e6eecf8fbe6d21a01dd781f4c07f41bc 2906 java optional tomcat9_9.0.43-2~deb11u2.dsc
88da03eb8cf6791b2e76e0a5ee9dbcbd 39700 java optional tomcat9_9.0.43-2~deb11u2.debian.tar.xz
961474e1c3997ea2b75890659e6a92d2 13842 java optional tomcat9_9.0.43-2~deb11u2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmFgT8BfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hk9sIQAKa5EfMxTU93FBbjiY47jfTCGOOT+u+OuCJU
EJ7GmZgwtyLEHDrCvuJyvJTZSTxukVGyLqaID2Ou06/5CjZQJ2CuUlf7g91dDT0R
1djA24EF+h129YlN0hH9kT81981XzTp6UO5+plDhOzfjh+d3EqPf8xGzuSLotAlR
oJrDGJltoivyEiuSZSljQLdPNZAzzrpsMK1UkYACEacpOBwq0GHoEcq7Hihx0Qde
LzztVyhu9zaWclAAaBGQWIH8pebK763AybOOVlBgk1Ggrnru6feqsf+Ufds+mRnk
AdNeLNYsKgFp+pGvgx4At89YJKravagnoSV6FCJNs9lEoxUXyufY7q7gKpXuTI3n
D9PMoFkJ8PYc7TrQYR6gbW2iLHjrp9N92bRf2lCrsdDdkMPQCkyPC0eCK4HJ37DH
mG9+lFoaiVZxkshbyDra0zOmVvLgAffozGVY1ZsFLcpEcU08cLY68ENsEH90Qfsv
AEQDEGol9bLGAnkJKXh5C8H4HBHVsjVfVTc2H9l/Is45GkGC1A0o/JNELSt/+T7x
mLc9ZyKKtzMnWRXnyKUiZoeGfQJAMUOyINNhJaskPe00OQ/2f9Wh4bebp2Wi0NgQ
fhKI9K/pwUH8H9ia+wAstfKGWlL6Vj5pkhoJEXCeyA9alxPRcBlFp0E31wlNTiWt
Lj+ajdRS
=lAT4
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.
More information about the pkg-java-maintainers
mailing list