Format: 1.8
Date: Wed, 22 Jul 2020 17:22:27 +0200
Source: tomcat8
Binary: tomcat8-common tomcat8 tomcat8-user libtomcat8-java libtomcat8-embed-java libservlet3.1-java libservlet3.1-java-doc tomcat8-admin tomcat8-examples tomcat8-docs
Architecture: source all
Version: 8.5.54-0+deb9u3
Distribution: stretch-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libservlet3.1-java - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API classes
 libservlet3.1-java-doc - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API documenta
 libtomcat8-embed-java - Apache Tomcat 8 - Servlet and JSP engine -- embed libraries
 libtomcat8-java - Apache Tomcat 8 - Servlet and JSP engine -- core libraries
 tomcat8 - Apache Tomcat 8 - Servlet and JSP engine
 tomcat8-admin - Apache Tomcat 8 - Servlet and JSP engine -- admin web application
 tomcat8-common - Apache Tomcat 8 - Servlet and JSP engine -- common files
 tomcat8-docs - Apache Tomcat 8 - Servlet and JSP engine -- documentation
 tomcat8-examples - Apache Tomcat 8 - Servlet and JSP engine -- example web applicati
 tomcat8-user - Apache Tomcat 8 - Servlet and JSP engine -- tools to create user
Changes:
 tomcat8 (8.5.54-0+deb9u3) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2020-13934:
     An h2c direct connection to Apache Tomcat did not release the HTTP/1.1
     processor after the upgrade to HTTP/2. If a sufficient number of such
     requests were made, an OutOfMemoryException could occur leading to a denial
     of service.
   * Fix CVE-2020-13935:
     The payload length in a WebSocket frame was not correctly validated in
     Apache Tomcat. Invalid payload lengths could trigger an infinite loop.
     Multiple requests with invalid payload lengths could lead to a denial of
     service.