Format: 1.8
Date: Sat, 25 Apr 2020 14:24:56 +0200
Source: tomcat9
Binary: libtomcat9-embed-java libtomcat9-java tomcat9 tomcat9-admin tomcat9-common tomcat9-docs tomcat9-examples tomcat9-user
Architecture: source all
Version: 9.0.31-1~deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libtomcat9-embed-java - Apache Tomcat 9 - Servlet and JSP engine -- embed libraries
 libtomcat9-java - Apache Tomcat 9 - Servlet and JSP engine -- core libraries
 tomcat9    - Apache Tomcat 9 - Servlet and JSP engine
 tomcat9-admin - Apache Tomcat 9 - Servlet and JSP engine -- admin web application
 tomcat9-common - Apache Tomcat 9 - Servlet and JSP engine -- common files
 tomcat9-docs - Apache Tomcat 9 - Servlet and JSP engine -- documentation
 tomcat9-examples - Apache Tomcat 9 - Servlet and JSP engine -- example web applicati
 tomcat9-user - Apache Tomcat 9 - Servlet and JSP engine -- tools to create user
Changes:
 tomcat9 (9.0.31-1~deb10u1) buster-security; urgency=high
 .
   * Team upload.
   * Backport 9.0.31-1 to Buster to fix CVE-2020-1938, CVE-2020-1935,
     CVE-2019-17569, CVE-2019-17563, CVE-2019-12418 and CVE-2019-10072.
     The fix for CVE-2020-1938 may require configuration changes when Tomcat
     is used with the AJP protocol, e.g. in combination with libapache-mod-jk.
     For instance the attribute secretRequired is set to true by default now.
     Server admins should carefully investigate the impact of the changes
     before upgrading.
     See also https://tomcat.apache.org/tomcat-9.0-doc/config/ajp.html