-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 12 Nov 2021 10:45:54 +0100 Source: tomcat9 Architecture: source Version: 9.0.43-2~deb11u3 Distribution: bullseye-security Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Markus Koschany <apo@debian.org> Changes: tomcat9 (9.0.43-2~deb11u3) bullseye-security; urgency=high . * Team upload. * Fix CVE-2021-42340: Apache Tomcat did not properly release an HTTP upgrade connection for WebSocket connections once the WebSocket connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError. Checksums-Sha1: c9f3671bfe833fedc34e227f4532e91021072af5 2906 tomcat9_9.0.43-2~deb11u3.dsc aa3a4eb0f43bb922b39f040473e303919a52279d 40120 tomcat9_9.0.43-2~deb11u3.debian.tar.xz 39f54005320a77b2dc6c2a9d12c2744b73cb8cb5 13322 tomcat9_9.0.43-2~deb11u3_source.buildinfo Checksums-Sha256: 81fa7bc85a100a082065444cc3509e286182ef1ab7d088a332f7bcc0b86ecf81 2906 tomcat9_9.0.43-2~deb11u3.dsc 304e64b883a929f5b978d4c32defac7d45a49f57ad15794646166739a3fbfbb2 40120 tomcat9_9.0.43-2~deb11u3.debian.tar.xz 758c8e6c28240f2261b2eeda3867c2e957e76fd125b131ba83043c986cf68cd5 13322 tomcat9_9.0.43-2~deb11u3_source.buildinfo Files: 107305635884a730adc0a58b23b59f4c 2906 java optional tomcat9_9.0.43-2~deb11u3.dsc 41d0af58b3f7a21b58ccfa748b3bed8c 40120 java optional tomcat9_9.0.43-2~deb11u3.debian.tar.xz dc6a714812e49bb5e6b0041def8fc0e3 13322 java optional tomcat9_9.0.43-2~deb11u3_source.buildinfo -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmGOSzFfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkgG8P/jWNYGcwpgMhB4Ocs2I6oVU7e7KohA0DIMv/ 429iELvxt1xT+QMAW9itfLwza40M+rr3zKtm+TinfwXgdFdMou5So5grfHik4f8k LwsLA2EtL+JFGyMTzDXHFzyHzwCJfjZ++Ou0GJNdlZOOVoUjnBdN5qTKZ2YU4jPg zaa5UmoKS9/UHOdPMA6zGBzVfvsSxirUVO9wpx1cJNIBgB6TzUXla0uOtgKISmmV GoO40e/0VL6fNygeMG5ufZuTWX839dU4Z+Lkd2e92RqQsCR3r4rJKPGUEYigThTv pRGdSwi+iA7wEUJAk37xMY1bZ4UukuWDUH16q/XuBKq2zbavnIAV5F38O8OCxPIp ie9xvrapd28HBL0IKRxsJiRxgoJA/4n8lfS1R1qZRFDpP1vEqJvl/sSxGycV3omO YaCLig/CEdRlvoW1Jje5tmmZAe/Fl+LC6V74EI8XLMey4yZbCKvzJtTxjfjiVFEE hE1XfUnPiGnAVbu6W4kU10CP070cba4wR17K9bZP5q5m0T1FH/QMrA/qp5ErPHzH gtxpmlVPsPG9KSS4Bq9H20jQ5rMNbUy0weH/UVlAbtuKAgawjN82vkNroYzLPws0 n+G7o+d2efFJ3jInxnvnGfp7U+jBAalQ6136y0ynRiQiaOpNkF1hlm+WHADmBkB4 sP/MpK45 =eloq -----END PGP SIGNATURE-----