-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 27 Jan 2020 22:21:41 +0100
Source: tomcat7
Binary: tomcat7-common tomcat7 tomcat7-user libtomcat7-java libservlet3.0-java libservlet3.0-java-doc tomcat7-admin tomcat7-examples tomcat7-docs
Architecture: source all
Version: 7.0.56-3+really7.0.99-1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libservlet3.0-java - Servlet 3.0 and JSP 2.2 Java API classes
 libservlet3.0-java-doc - Servlet 3.0 and JSP 2.2 Java API documentation
 libtomcat7-java - Servlet and JSP engine -- core libraries
 tomcat7 - Servlet and JSP engine
 tomcat7-admin - Servlet and JSP engine -- admin web applications
 tomcat7-common - Servlet and JSP engine -- common files
 tomcat7-docs - Servlet and JSP engine -- documentation
 tomcat7-examples - Servlet and JSP engine -- example web applications
 tomcat7-user - Servlet and JSP engine -- tools to create user instances
Changes:
 tomcat7 (7.0.56-3+really7.0.99-1) jessie-security; urgency=high
 .
   * New upstream version 7.0.56-3+really7.0.99.
   * Fix CVE-2019-12418:
     When Apache Tomcat is configured with the JMX Remote Lifecycle Listener, a
     local attacker without access to the Tomcat process or configuration files
     is able to manipulate the RMI registry to perform a man-in-the-middle
     attack to capture user names and passwords used to access the JMX
     interface. The attacker can then use these credentials to access the JMX
     interface and gain complete control over the Tomcat instance.
   * Fix CVE-2019-17563:
     When using FORM authentication with Apache Tomcat there was a narrow
     window where an attacker could perform a session fixation attack. The
     window was considered too narrow for an exploit to be practical but,
     erring on the side of caution, this issue has been treated as a security
     vulnerability.