-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 22 Oct 2021 21:59:08 +0200 Source: tomcat9 Architecture: source Version: 9.0.54-1 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Markus Koschany <apo@debian.org> Changes: tomcat9 (9.0.54-1) unstable; urgency=medium . * Team upload. * New upstream version 9.0.54. - Fix CVE-2021-42340: The fix for bug 63362 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError. * Update 0010-debianize-build-xml.patch and depend on the setup-bnd task to prevent a FTBFS when building the tests. This replaces the workaround by setting addOSGi to false. Thanks to Aurimas Fišeras for the report. Checksums-Sha1: 522a50aeb11710bd04854df75ede398c4aa54c85 2874 tomcat9_9.0.54-1.dsc 0bde0a735d7d8471460133920b13e6caab86a93c 4003240 tomcat9_9.0.54.orig.tar.xz f78af9e8e6eac3e25a0df6393820defbb4a14d55 35500 tomcat9_9.0.54-1.debian.tar.xz c41b588e7dd46e7e8ca4b835e2109f4bedf517a9 13546 tomcat9_9.0.54-1_amd64.buildinfo Checksums-Sha256: cd3f0e2fa001cf9a867600430d9e7d5549ce26f3571f2a74d7ed2572daf86488 2874 tomcat9_9.0.54-1.dsc bc99eae256c59ce187a41f55c6be79f43775b1a20c945cc351d1c3375ba7b53a 4003240 tomcat9_9.0.54.orig.tar.xz d69885d7b0745e8880f0df842cdede1b52b020f8714184279b213438b6269bb7 35500 tomcat9_9.0.54-1.debian.tar.xz ed63c0e941c4134ba1f83948c345193a7185cab7ad8bad09870ee101894a5175 13546 tomcat9_9.0.54-1_amd64.buildinfo Files: 9658f58c4a1c94dc77e3d81af369080e 2874 java optional tomcat9_9.0.54-1.dsc b4f353616f6fdcd69e7a0a8c78878428 4003240 java optional tomcat9_9.0.54.orig.tar.xz 81ec5dc9498c0ddfd8dfbd9a027c0865 35500 java optional tomcat9_9.0.54-1.debian.tar.xz 0fe36facb2dab8cbde83fafcdd880aaf 13546 java optional tomcat9_9.0.54-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmFzGZRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkOkwP/1zJsQSRCWuEtYjUweJtfdYnOONayzVMUKlo 7qVZCa+nvLlUeA4+ufyCN3ojY/UM/KG+F0LuO4maK0cA2HXNs90xkCnLaMb/5WTm fguGi4FDnN1crxCCXrU1skOueeD72dTs6WZMvENP+i4s4any0Y70GfWsvsRvcYfk x5SPEq2xirh+RFcQgoYWfbgaTSx//XNzM4Sv+RhZrMhd5sEcPq5ItTl/jKtV4jPu ooxyQgA5dchS12qtsGhFa5AferPQ2L6Bc8wX5MZmENzGaevUa8082SCVUv4UUcDg 3fOvzPkdHNHYlAN6CNEvfbqr5Lgq428NYNiVE9ztHPznktLqZz+vZws1DH7KyDhK giAmIi1sOrS4Qb3VCG+ZlBTNMbdQnbL1Y/3BbFVDB8UL5rRY8FmMW0pNozDAR6r4 CKwukSt+lLaJ/JZdltBgKY4j2CeQwHKBgjxbTFFM+hbt+KDnBnv3ggssioLok8YR W0SDTUdqcYEaa57b+BI8JPxWVLQrLk1uOEFjRmTjq84lbWD85AO8Iacpia6G8+tW r1RHZWKMCub6YuvJZaBUue6ZqmCNcvSUHKiT+vEG66fTYRtWUtbXCUqU7CWs9Pp6 jo59Ek3/rZQ7LStIaqHh/KQfz0qfR6VT9eJHhHQ+zBW2lhx7e/Cc20WI//kShoMl efmr63Ap =e7kN -----END PGP SIGNATURE-----