Format: 1.8
Date: Sat, 07 Aug 2021 00:11:43 +0200
Source: tomcat9
Architecture: source
Version: 9.0.43-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Closes: 991046
Changes:
 tomcat9 (9.0.43-2) unstable; urgency=medium
 .
   * Team upload.
 .
   [ mirabilos ]
   * fix /var/log/tomcat9 permissions fixup for commit
     51128fe9fb2d4d0b56be675d845cf92e4301a6c3
 .
   [ Markus Koschany ]
   * Fix CVE-2021-30640:
     A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to
     authenticate using variations of a valid user name and/or to bypass some
     of the protection provided by the LockOut Realm.
   * Fix CVE-2021-33037:
     Apache Tomcat did not correctly parse the HTTP transfer-encoding request
     header in some circumstances leading to the possibility of request
     smuggling when used with a reverse proxy. Specifically:
     - Tomcat incorrectly ignored the transfer encoding header if the client
       declared it would only accept an HTTP/1.0 response;
     - Tomcat honoured the identity encoding; and
     - Tomcat did not ensure that, if present, the chunked encoding was the
       final encoding.
     (Closes: #991046)
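
The three Transfer-Encoding conditions listed for CVE-2021-33037, expressed as a check a front end could apply to a request head. This is an added example, not code from Tomcat or the Debian package; the function names and sample requests are constructed for illustration, and the rule that a request's final coding must be chunked (RFC 7230 section 3.3.3) is slightly stricter than the changelog wording.

```python
# Added example: hypothetical helper names, constructed sample requests.

def transfer_codings(head):
    """Return (http_version, [lowercased transfer codings]) from a request head."""
    lines = head.split("\r\n")
    version = lines[0].rsplit(" ", 1)[-1]
    codings = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        # Header names are case-insensitive and the field may repeat.
        if sep and name.strip().lower() == "transfer-encoding":
            for item in value.split(","):
                coding = item.split(";", 1)[0].strip().lower()  # drop parameters
                if coding:
                    codings.append(coding)
    return version, codings


def classify(head):
    """Return (verdict, reason). The HTTP version is parsed but never used to
    skip the checks, so an HTTP/1.0 request line cannot hide the header."""
    version, codings = transfer_codings(head)
    if not codings:
        return ("no-te", "no Transfer-Encoding header")
    if "identity" in codings:
        return ("reject", "identity is not accepted as a transfer coding")
    # Stricter than the changelog wording: per RFC 7230 section 3.3.3 a request
    # whose final coding is not chunked has no reliable body length.
    if codings[-1] != "chunked" or codings.index("chunked") != len(codings) - 1:
        return ("reject", "chunked must appear once, as the final coding")
    return ("chunked", f"chunked framing applies ({version})")


# Constructed request heads (not captured traffic).
H = "Host: app.example\r\n"
SAMPLES = {
    "plain": "POST /a HTTP/1.1\r\n" + H + "Transfer-Encoding: chunked\r\n",
    "http10": "POST /a HTTP/1.0\r\nTransfer-Encoding: chunked\r\n",
    "identity": "POST /a HTTP/1.1\r\n" + H + "Transfer-Encoding: identity\r\n",
    "not_final": "POST /a HTTP/1.1\r\n" + H + "Transfer-Encoding: chunked, gzip\r\n",
    "two_lines": "POST /a HTTP/1.1\r\n" + H
                 + "Transfer-Encoding: gzip\r\ntransfer-encoding: chunked\r\n",
    "no_te": "GET / HTTP/1.1\r\n" + H,
}

if __name__ == "__main__":
    for label, head in SAMPLES.items():
        print(label, classify(head))
```
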