-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 10 Aug 2021 17:17:56 +0200 Source: tomcat9 Architecture: source Version: 9.0.43-3 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Markus Koschany <apo@debian.org> Changes: tomcat9 (9.0.43-3) unstable; urgency=medium . * Team upload. * CVE-2021-30640: Fix NullPointerException. If no userRoleAttribute is specified in the user's Realm configuration its default value will be null. This will cause a NPE in the methods doFilterEscaping and doAttributeValueEscaping. This is upstream bug https://bz.apache.org/bugzilla/show_bug.cgi?id=65308 Checksums-Sha1: 172c9fdd5c8bd5892fc05fcae54dc884de93631a 2874 tomcat9_9.0.43-3.dsc 5efed039a9d2af294093b5aa852fb460ec5f148f 38812 tomcat9_9.0.43-3.debian.tar.xz 9ee0854a8b4ca05cba21ce95e247bb19f36b5d2e 13623 tomcat9_9.0.43-3_amd64.buildinfo Checksums-Sha256: c80050818b8051fca1476ee89b7a705ddd5760d6eaf341618a672b636c6cc66a 2874 tomcat9_9.0.43-3.dsc c1e21ec7cf3b2ff1e96fc341bfbf15c00f96613411409975c583ce09a5ac27f6 38812 tomcat9_9.0.43-3.debian.tar.xz d2549ae815ddd73eb14cfb4e416c7fd507b39da6aee0edbe39d786a5904e1dcb 13623 tomcat9_9.0.43-3_amd64.buildinfo Files: 6afef9d2fe7a2f36f8ab416c4e1d2489 2874 java optional tomcat9_9.0.43-3.dsc d4b6d7474558e69bea515fcfbc242cf3 38812 java optional tomcat9_9.0.43-3.debian.tar.xz 36f742bef15ffbea26ad59e06b5db8ff 13623 java optional tomcat9_9.0.43-3_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmESp4FfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkcRYQAKC7v5+z8pLUDOYS4nodtpYaAmr1IR1dDvLk RWgzAJJTxqqI+3stniixBagJFiHdbTodGjdsTEn4jONsN1NQew0HCfnK+h/0C9eX oVMT99kc/D+r/k0d7+FO0ID9wfiyp2nTSMXbeZTsl2QPNR1iKRl0VYgTOJhTw4xV 1wHZOz3RHqr5LlHjrZB/7+I7tLKIc1ONbs5wE85XvPE7nQc5IlR06+lYrzSvh2MO Ps63OLqMhVMy8c48fCc7AuZ8NM2t43MxmmFPGBhh/tXaJD/rSyDg9pZfWPZl8pZj uvLZDWZ8YU6YijhxhgMZYsRa0D6+htdeRTCyhMyl9uahYBKbxStzGkY2pTuAQ5Mz U/qPy6iClDEOJnans5orK+uH1FSUSHD3rCFeJ0o1qIEBaT2Tvov4xVpXxS3N61RN ZJPklWJ/MKsBy3YmGyQImpW0XM5UEBfOfawcndTL2DseDe20kNKyaiAzVBzuUy3T qes0NMTsrMp12H5MMIdsYe3uWjXu0BF/8hdzpkAs31qoyJZGfnJOmz4NE9nUypZQ 7TfcbSbyjrLBCV0BlXPTKNLyuR/nIWzwwZ6U6W9wf+O8krXFMDUUtlNsyUJ/lAl0 mjCMuEpj/4rKekBWN+NG/9hNd3qv+VKBhwB7fFv/fr4CWIIU+SOUyxj4DX9NQCf7 mNybts0s =DbAB -----END PGP SIGNATURE-----