-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 16 Oct 2023 22:25:34 CEST Source: tomcat9 Architecture: source Version: 9.0.31-1~deb10u10 Distribution: buster-security Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Markus Koschany <apo@debian.org> Checksums-Sha1: 9cc8deeb78b3332be138dab5b230694b5b25da83 2893 tomcat9_9.0.31-1~deb10u10.dsc 1a61953b58fb9b49164ad7d1897144fd3c18f503 62592 tomcat9_9.0.31-1~deb10u10.debian.tar.xz 461d59f36ffe9352bbeab25778bd965e01335db0 14182 tomcat9_9.0.31-1~deb10u10_amd64.buildinfo Checksums-Sha256: 5e434c9697a30d8e73c016c1669acace42b148984d60b9ebb12700a00c1b7a89 2893 tomcat9_9.0.31-1~deb10u10.dsc 93b0b1ade6a84add6bee9818c4ce4dc9b07b6dc31c1bf80577ec6cca7798a45a 62592 tomcat9_9.0.31-1~deb10u10.debian.tar.xz 2110189ec3991acc220f51bde5481fbffa4520c19500f00892bc183782203272 14182 tomcat9_9.0.31-1~deb10u10_amd64.buildinfo Changes: tomcat9 (9.0.31-1~deb10u10) buster-security; urgency=high . * Team upload. * A regression was discovered in the Http2UpgradeHandler class of Tomcat 9 introduced by the patch to fix CVE-2023-44487 (Rapid Reset Attack). A wrong value for the overheadcount variable forced connections to close early. Files: 3caf8ed7be4d8cb7ce02ef2a688fac22 2893 java optional tomcat9_9.0.31-1~deb10u10.dsc 403793637886c1d4a4c87d1c1033c68b 62592 java optional tomcat9_9.0.31-1~deb10u10.debian.tar.xz 748a083ccc0f61313351c0b457b4d032 14182 java optional tomcat9_9.0.31-1~deb10u10_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmUtnIVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkPj8P/0DMs++16B/lat+ZflucdONQoZr41qbXrYoA qHyH7boxH4t3yRU1c1V7tasbQvMjWpbO2Aue1LNQq8xAZuZcRxuBAjfDSfAecFzs 9AJJ1qP7fcEguVOmJl8fExs5S8pfxesmm2cvHE1AHt+AHUrY4Jco/DSnaOhpaMAa kf52ZisMNML5NIeomX4B4FfLQs1/3hMXvo0Hv6bPxDBHHhPdVF9GIw1eDkA8cYUz VsvhD3Q94V306CG2lNhW0OfzNOxFnYItRaQg0paQUFtmi2B2kjadlmMZNewW1nYr CQstEbKXfzx75P6egT/RV67W1puH6IMP8z6UrhoB/HAH+PapkjAUQBGZGC/Ebahh CMoz2KNr5r5TXHoJ/cJ+9BAhHenp1vCd2n9Qk+Peqr9LvkU6IcStsa0EDTrWubj3 OCKntdgeJSHyLwV5AlSbu7pdwjrmym5KNa+Q9YUsBvEbs3Bsw8jOoXe7cCJAl9JK QhUDpSrorbLVaDea+MaleA99I+SYRzkGSR+lKevL4riUjBj++hwsQ0X3GNz/EY67 jYCjJD6AoZoFD+ZHy0Y9twSYUvcoGHvNjvE2dAZFZtuedBSRLa5zX8/jHen9/4vW 8yAh1DSHZCRzGtZc0mHbBWLQiUFBxq3LH6pmXl2egn9ASWa8T23QIhdEwlZjk/xC kEX804cD =kDQr -----END PGP SIGNATURE-----