Format: 1.8
Date: Thu, 18 Apr 2024 22:17:07 +0200
Source: tomcat9
Architecture: source
Version: 9.0.43-2~deb11u10
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Changes:
 tomcat9 (9.0.43-2~deb11u10) bullseye-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2023-46589: Improper Input Validation vulnerability in Apache Tomcat.
     Tomcat 10 did not correctly parse HTTP trailer headers. A trailer header
     that exceeded the header size limit could cause Tomcat to treat a single
     request as multiple requests leading to the possibility of request
     smuggling when behind a reverse proxy.
   * Fix CVE-2024-24549: Denial of Service due to improper input validation
     vulnerability for HTTP/2. When processing an HTTP/2 request, if the request
     exceeded any of the configured limits for headers, the associated HTTP/2
     stream was not reset until after all of the headers had been processed.
   * Fix CVE-2024-23672: Denial of Service via incomplete cleanup vulnerability.
     It was possible for WebSocket clients to keep WebSocket connections open
     leading to increased resource consumption.
Checksums-Sha1:
 55d94ac3d8d7947d4a3ac2b1b4e4a2fcbd7f5533 2910 tomcat9_9.0.43-2~deb11u10.dsc
 4dcd8db9ffcc56ed6db5965a9d415947fb275a04 63088 tomcat9_9.0.43-2~deb11u10.debian.tar.xz
 93ac5c033f4270df8e2ef7269e3f165c208994a8 14427 tomcat9_9.0.43-2~deb11u10_source.buildinfo
Checksums-Sha256:
 783993a4d13955e395f7213ce9cf281ce016d30f161cde53661febe08e58639f 2910 tomcat9_9.0.43-2~deb11u10.dsc
 6e66360dd51b9d2868869c0e155ee2ebec3a9198df4417c8279fddaaba651768 63088 tomcat9_9.0.43-2~deb11u10.debian.tar.xz
 e3b481c1e5062d5c1572c0df1aaa0b83aa72ade5012d60b983d30d06b9a6e565 14427 tomcat9_9.0.43-2~deb11u10_source.buildinfo
Files:
 81f7ac41578e5bf9a564cf6aa43fb1d7 2910 java optional tomcat9_9.0.43-2~deb11u10.dsc
 b529191678916c015e89a18343011bd6 63088 java optional tomcat9_9.0.43-2~deb11u10.debian.tar.xz
 49000bf7af3ba4dc5ba2899890a65227 14427 java optional tomcat9_9.0.43-2~deb11u10_source.buildinfo