tomcat7_7.0.28-4+deb7u1_amd64.changes ACCEPTED into proposed-updates->stable-new, proposed-updates

Debian FTP Masters ftpmaster at ftp-master.debian.org
Sun Apr 13 17:18:20 UTC 2014



Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 10 Mar 2014 11:29:54 +0100
Source: tomcat7
Binary: tomcat7-common tomcat7 tomcat7-user libtomcat7-java libservlet3.0-java libservlet3.0-java-doc tomcat7-admin tomcat7-examples tomcat7-docs
Architecture: source all
Version: 7.0.28-4+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
Changed-By: Emmanuel Bourg <ebourg at apache.org>
Description: 
 libservlet3.0-java - Servlet 3.0 and JSP 2.2 Java API classes
 libservlet3.0-java-doc - Servlet 3.0 and JSP 2.2 Java API documentation
 libtomcat7-java - Servlet and JSP engine -- core libraries
 tomcat7    - Servlet and JSP engine
 tomcat7-admin - Servlet and JSP engine -- admin web applications
 tomcat7-common - Servlet and JSP engine -- common files
 tomcat7-docs - Servlet and JSP engine -- documentation
 tomcat7-examples - Servlet and JSP engine -- example web applications
 tomcat7-user - Servlet and JSP engine -- tools to create user instances
Closes: 707704
Changes: 
 tomcat7 (7.0.28-4+deb7u1) wheezy-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2014-0050: Multipart requests with a malformed Content-Type header
     can trigger an infinite loop causing a denial of service.
   * Fix CVE-2013-2067: FORM authentication associates the most recent request
     requiring authentication with the current session. By repeatedly sending
     a request for an authenticated resource while the victim is completing
     the login form, an attacker could inject a request that would be executed
     using the victim's credentials. (Closes: #707704)
   * Fix CVE-2013-2071: A runtime exception in AsyncListener.onComplete()
     prevents the request from being recycled. This may expose elements of a
     previous request to a current request.
   * Fix CVE-2012-3544 and CVE-2013-4322: When processing a request submitted
     using the chunked transfer encoding, Tomcat ignored but did not limit any
     extensions that were included. This allows a client to perform a limited
     denial of service by streaming an unlimited amount of data to the
     server.
   * Fix CVE-2013-4286: Reject requests with multiple content-length headers
     or with a content-length header when chunked encoding is being used.
   * Replaced the expired certificates used by the tests
     (backported from Tomcat 7.0.39)
Checksums-Sha1: 
Checksums-Sha256: 
Files: 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----


Thank you for your contribution to Debian.


