tomcat10_10.1.6-1+deb12u2_source.changes ACCEPTED into proposed-updates->stable-new
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Wed Apr 17 23:09:17 BST 2024
Thank you for your contribution to Debian.
Mapping stable-security to proposed-updates.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 15 Apr 2024 22:05:02 +0200
Source: tomcat10
Architecture: source
Version: 10.1.6-1+deb12u2
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
Changed-By: Markus Koschany <apo at debian.org>
Changes:
 tomcat10 (10.1.6-1+deb12u2) bookworm-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2023-46589:
     Improper Input Validation vulnerability in Apache Tomcat. Tomcat 10 did not
     correctly parse HTTP trailer headers. A trailer header that exceeded the
     header size limit could cause Tomcat to treat a single request as multiple
     requests leading to the possibility of request smuggling when behind a
     reverse proxy.
   * Fix CVE-2024-24549:
     Denial of Service due to improper input validation vulnerability for
     HTTP/2. When processing an HTTP/2 request, if the request exceeded any of
     the configured limits for headers, the associated HTTP/2 stream was not
     reset until after all of the headers had been processed.
   * Fix CVE-2024-23672:
     Denial of Service via incomplete cleanup vulnerability. It was possible for
     WebSocket clients to keep WebSocket connections open leading to increased
     resource consumption.
Checksums-Sha1:
91ff9b857c9a5faf9e89b9f5752cb7adf56277d0 2993 tomcat10_10.1.6-1+deb12u2.dsc
30161550450c45b18e4326a0c62e519bcd6c8f7f 48516 tomcat10_10.1.6-1+deb12u2.debian.tar.xz
edb76d38012b4bedbacffe214b270d7c775d0534 14427 tomcat10_10.1.6-1+deb12u2_source.buildinfo
Checksums-Sha256:
b80bdd4a98f5dd8dab2d49efac588f58bcc4dd1202d1b925787a088111a71681 2993 tomcat10_10.1.6-1+deb12u2.dsc
ebe3ad5ef8b27caec12922059b9152a615556cca96ec2f0e878bb991b2ee6f97 48516 tomcat10_10.1.6-1+deb12u2.debian.tar.xz
8c4eb2f4f2331f5ba56b5550cd021b663c55779d6f9e510205eb7779a67f50ce 14427 tomcat10_10.1.6-1+deb12u2_source.buildinfo
Files:
62cbf99bed5fa4a4a0a1e541d0240a26 2993 java optional tomcat10_10.1.6-1+deb12u2.dsc
bba08952be74219e8f933403c931000b 48516 java optional tomcat10_10.1.6-1+deb12u2.debian.tar.xz
05cc9aca9b1e801ce2c3be036c744e47 14427 java optional tomcat10_10.1.6-1+deb12u2_source.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----