tomcat8_8.5.11-2~bpo8+1_amd64.changes ACCEPTED into jessie-backports->backports-policy, jessie-backports
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Sat Apr 22 19:18:09 UTC 2017
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 18 Apr 2017 16:18:17 +0200
Source: tomcat8
Binary: tomcat8-common tomcat8 tomcat8-user libtomcat8-java libtomcat8-embed-java libservlet3.1-java libservlet3.1-java-doc tomcat8-admin tomcat8-examples tomcat8-docs
Architecture: source all
Version: 8.5.11-2~bpo8+1
Distribution: jessie-backports
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
Changed-By: Emmanuel Bourg <ebourg at apache.org>
Description:
libservlet3.1-java - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API classes
libservlet3.1-java-doc - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API documenta
libtomcat8-embed-java - Apache Tomcat 8 - Servlet and JSP engine -- embed libraries
libtomcat8-java - Apache Tomcat 8 - Servlet and JSP engine -- core libraries
tomcat8 - Apache Tomcat 8 - Servlet and JSP engine
tomcat8-admin - Apache Tomcat 8 - Servlet and JSP engine -- admin web application
tomcat8-common - Apache Tomcat 8 - Servlet and JSP engine -- common files
tomcat8-docs - Apache Tomcat 8 - Servlet and JSP engine -- documentation
tomcat8-examples - Apache Tomcat 8 - Servlet and JSP engine -- example web applicati
tomcat8-user - Apache Tomcat 8 - Servlet and JSP engine -- tools to create user
Closes: 860068
Changes:
tomcat8 (8.5.11-2~bpo8+1) jessie-backports; urgency=medium
.
* Rebuild for jessie-backports.
.
tomcat8 (8.5.11-2) unstable; urgency=medium
.
* Team upload.
* Fix the following security vulnerabilities (Closes: #860068):
Thanks to Salvatore Bonaccorso for the report.
- CVE-2017-5647:
A bug in the handling of the pipelined requests when send file was used
resulted in the pipelined request being lost when send file processing of
the previous request completed. This could result in responses appearing
to be sent for the wrong request. For example, a user agent that sent
requests A, B and C could see the correct response for request A, the
response for request C for request B and no response for request C.
- CVE-2017-5648:
It was noticed that some calls to application listeners did not use the
appropriate facade object. When running an untrusted application under a
SecurityManager, it was therefore possible for that untrusted application
to retain a reference to the request or response object and thereby access
and/or modify information associated with another web application.
- CVE-2017-5650:
The handling of an HTTP/2 GOAWAY frame for a connection did not close
streams associated with that connection that were currently waiting for a
WINDOW_UPDATE before allowing the application to write more data. These
waiting streams each consumed a thread. A malicious client could therefore
construct a series of HTTP/2 requests that would consume all available
processing threads.
- CVE-2017-5651:
The refactoring of the HTTP connectors for 8.5.x onwards, introduced a
regression in the send file processing. If the send file processing
completed quickly, it was possible for the Processor to be added to the
processor cache twice. This could result in the same Processor being used
for multiple requests which in turn could lead to unexpected errors and/or
response mix-up.
* debian/control: tomcat8: Fix Lintian error and depend on lsb-base.
Checksums-Sha1:
3c66b3e19d99a85d7ce40ed1b6a272d39d917b63 2946 tomcat8_8.5.11-2~bpo8+1.dsc
5cfb784b62022e7380e1c86080558272ec19f577 3306200 tomcat8_8.5.11.orig.tar.xz
0878e3bb830425c0d31f8b42f75254e27a913dce 46192 tomcat8_8.5.11-2~bpo8+1.debian.tar.xz
de3870689547912ec843f2ed39ebc1ae7316a078 62694 tomcat8-common_8.5.11-2~bpo8+1_all.deb
35d11e7207fcb291884c1e424b1c12240970ced8 51920 tomcat8_8.5.11-2~bpo8+1_all.deb
105f9fcb6d648ed5f92873460b63edbe194b3844 38694 tomcat8-user_8.5.11-2~bpo8+1_all.deb
9233f486017b67318a9a81bb6aafca2a50620528 4773300 libtomcat8-java_8.5.11-2~bpo8+1_all.deb
9bb3d47910e047746dac5b97b3b6af40d94c1c1b 3831792 libtomcat8-embed-java_8.5.11-2~bpo8+1_all.deb
6547cc17d32fe6345d38114fbf2beb1d89b8bdad 392868 libservlet3.1-java_8.5.11-2~bpo8+1_all.deb
1928b805da97e0325ae308afb43bc076efc0a8c0 252838 libservlet3.1-java-doc_8.5.11-2~bpo8+1_all.deb
8d3bc3cd4555e7243867d5afb7c3a0b9c422f4c4 33138 tomcat8-admin_8.5.11-2~bpo8+1_all.deb
3479916a69aae63082399a74da0289d9db7916b1 190368 tomcat8-examples_8.5.11-2~bpo8+1_all.deb
a10f71f3fa50ac815545a07d9327567143b09025 676068 tomcat8-docs_8.5.11-2~bpo8+1_all.deb
Checksums-Sha256:
43ae289887c8a0a1a7072812d5507af1b68c1c9636724c6c7fc9c4a57496e95d 2946 tomcat8_8.5.11-2~bpo8+1.dsc
a56fb177974572521e849400d0cb1bf8d7ddccb55dd8157fda48befaaa792774 3306200 tomcat8_8.5.11.orig.tar.xz
37259e9b298de6eebdac79cc4c28f5e7b207556bc229b80129fa1d7f088bf81a 46192 tomcat8_8.5.11-2~bpo8+1.debian.tar.xz
50fcb19e753ca1a1c8acb888c56d35e57a836130429c864545ac7f4f04f75461 62694 tomcat8-common_8.5.11-2~bpo8+1_all.deb
7c572dc2ff13a74ba6a78960f46e6f19c1130ff8c6ac915f0b592a2dddbd1b48 51920 tomcat8_8.5.11-2~bpo8+1_all.deb
8a8d0e1b123b0e20321798474b8565adde74c884f537ee4a33ae4fa132833312 38694 tomcat8-user_8.5.11-2~bpo8+1_all.deb
291dbabfd6f9b543fbb7352a87f45169e34d2d27b4c8fa819b11e9c359ad5362 4773300 libtomcat8-java_8.5.11-2~bpo8+1_all.deb
9133e8ae22ac656ffac18f3d51bd20e9a35fce1faf0dd82489deb11730abca35 3831792 libtomcat8-embed-java_8.5.11-2~bpo8+1_all.deb
212a77268f8c7f621f3b9e9bd61a2b302b7644a2a4d4ce45ba8fd734239c927b 392868 libservlet3.1-java_8.5.11-2~bpo8+1_all.deb
5666b953172194b463706ab70d2941b39648675a09699469dae5470b3ead7c9f 252838 libservlet3.1-java-doc_8.5.11-2~bpo8+1_all.deb
204a19fb3dc930af7239e44a6fe30b560be1d5bbbd7ec205bee3b4bddea7e338 33138 tomcat8-admin_8.5.11-2~bpo8+1_all.deb
0163ecaf4bdcc049df9d8a1bcb75d606b502688eb6bea83d295a01b5bc3714e3 190368 tomcat8-examples_8.5.11-2~bpo8+1_all.deb
ad9b163c9d5b5e6acc9793068537c75bffe44c2551b23f88bad99f385e0054d0 676068 tomcat8-docs_8.5.11-2~bpo8+1_all.deb
Files:
83c16c76118e1e02f7d1f30228e6cdb2 2946 java optional tomcat8_8.5.11-2~bpo8+1.dsc
dc2ae8d3af773b5adf0e23b2e61c58a1 3306200 java optional tomcat8_8.5.11.orig.tar.xz
bc760918cf8e1f127b339eeddafa4af1 46192 java optional tomcat8_8.5.11-2~bpo8+1.debian.tar.xz
175b0b49764251fb26abdfe43ab9b879 62694 java optional tomcat8-common_8.5.11-2~bpo8+1_all.deb
b932e51f040be8036e8ee2c02a134beb 51920 java optional tomcat8_8.5.11-2~bpo8+1_all.deb
ec568cb3c09cffc774fe9b7f8f4c6552 38694 java optional tomcat8-user_8.5.11-2~bpo8+1_all.deb
939f253b2d33df15c71ba7905cd4f2c7 4773300 java optional libtomcat8-java_8.5.11-2~bpo8+1_all.deb
6a7746d56025605f8c0632e5b26a639c 3831792 java optional libtomcat8-embed-java_8.5.11-2~bpo8+1_all.deb
2a64986cf2752eae405574d90a35f820 392868 java optional libservlet3.1-java_8.5.11-2~bpo8+1_all.deb
0dc9bd265a066ece57b427e9eeacd959 252838 doc optional libservlet3.1-java-doc_8.5.11-2~bpo8+1_all.deb
15e2916695baf2a4d92fd119a7578928 33138 java optional tomcat8-admin_8.5.11-2~bpo8+1_all.deb
01ef3885cdc5da33a96d7bc41a445342 190368 java optional tomcat8-examples_8.5.11-2~bpo8+1_all.deb
c81071950c1b9cbbb2b2131241706764 676068 doc optional tomcat8-docs_8.5.11-2~bpo8+1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJY9nFgAAoJEPUTxBnkudCsnG4QAKmk8Y8qSQcU3dcydeIrqqlJ
I5J+GvNUuGxAeajfoklBKId4IaKoZtfKSBQf6OfPSXNvc9Ripz8d8OxiJtoV3Vyz
Z35zy5qOC81UB/thH8qeJ8wuWJJ9V/iXI3KeK5F6ZWODo8eJS3PB08GLPSbRPH4o
FBLf2ujkyW2opB9X/8GSoG7EOnXmiL2Gdt0WP/TZQWeD3qtq/Q+dz0Lng15JtHjZ
DkKnApg4P3v8mvL4QvgctYtegJ74lVaBochK/pCI3i4LP6984GcCSBEkKQ6zsBsE
YO6/c6v5O/0EXJNJu/6pP7Fk/ao9/TewFX1EP1Vpt8Hhrie7MDJjPZKErrDa3xIH
YGuX7rtPJr0omCGBMu8WSd+O8vrSg5Bs0O2cuP6WDXo4ccVexrvDQ3TAHj6M6WW6
/cP7XXNWBMVXRyrGPw4FLxQc/EqRjoVrqIU8YZcHD/VuSx7v+vKK/iX/aQcSc1wA
FbFyfW9Os3x6T9HFTWiG88jkLQoJHhhAw39MjLpnGjx5zhktiLmMSp5Udx4fgp3n
vH0TjE9pdA3x6NEVpqJE+JoNetFY4UesUtF/KHlvKRFXFnhE3/HXxI+NEK42BY+a
+yXDUd/sYS7bMYzTG0PkJzC9bDZKKiwH4ybxRp37QqhiXdXi/KuGzBG2tLiH5nlb
W4PpodMSm+hv2lZ7GrCo
=dAf/
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.
More information about the pkg-java-maintainers
mailing list