Format: 1.8
Date: Fri, 05 Apr 2024 12:14:58 +0200
Source: tomcat9
Architecture: source
Version: 9.0.31-1~deb10u12
Distribution: buster-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Changes:
 tomcat9 (9.0.31-1~deb10u12) buster-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2024-24549:
     Denial of Service due to improper input validation vulnerability for
     HTTP/2. When processing an HTTP/2 request, if the request exceeded any of
     the configured limits for headers, the associated HTTP/2 stream was not
     reset until after all of the headers had been processed.
   * Fix CVE-2024-23672:
     Denial of Service via incomplete cleanup vulnerability. It was possible
     for WebSocket clients to keep WebSocket connections open leading to
     increased resource consumption.
Checksums-Sha1:
 be088b1770323710a17b4741d61b9af7e29db968 2893 tomcat9_9.0.31-1~deb10u12.dsc
 cb917fdf199d30d55c37715b83f7ae9671fc3a26 69020 tomcat9_9.0.31-1~deb10u12.debian.tar.xz
 b50835975eab92523c368c5850773cc0ce3889e6 11843 tomcat9_9.0.31-1~deb10u12_source.buildinfo
Checksums-Sha256:
 3616241e5b1b87228721a2ba482c0b1dbe0cd0c2d6d3de8b94c2daac5afee582 2893 tomcat9_9.0.31-1~deb10u12.dsc
 5a4951465b5c83b3a9130a51544192c88bffa3c4891241fa90bcbb657965b21c 69020 tomcat9_9.0.31-1~deb10u12.debian.tar.xz
 e4451a4f86a82fbf35ad314307f5740512ed3a8d986c5d86d69ce4f9f6de9773 11843 tomcat9_9.0.31-1~deb10u12_source.buildinfo
Files:
 0d46e26194ef507d46056dc5219267c2 2893 java optional tomcat9_9.0.31-1~deb10u12.dsc
 a45bb873efe0598811b3594f865cc5de 69020 java optional tomcat9_9.0.31-1~deb10u12.debian.tar.xz
 6f69fbf93c4a61bd094ffef62e79b77f 11843 java optional tomcat9_9.0.31-1~deb10u12_source.buildinfo