Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-lts-changes@lists.debian.org> , <dispatch@tracker.debian.org>
Subject: Accepted tomcat9 9.0.43-2~deb11u12 (source) into oldstable-security
Date: Tue, 01 Apr 2025 23:20:20 +0000
Signed by: Markus Koschany <apo@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed,  2 Apr 2025 00:16:00 CEST
Source: tomcat9
Architecture: source
Version: 9.0.43-2~deb11u12
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
 9ef90ecb6dbe071d3fe9bf571c5c223c925585fe 2910 tomcat9_9.0.43-2~deb11u12.dsc
 23dcf6fd3cb3ba139d4be8ead6bc6bed49addd88 69772 tomcat9_9.0.43-2~deb11u12.debian.tar.xz
 45982fda1a8ec6651249acceeef4f6a6ce193d46 14747 tomcat9_9.0.43-2~deb11u12_amd64.buildinfo
Checksums-Sha256:
 c70caf30ad66511a98dc333f835692bb923c461731fdd0ff56dd13b6285088fb 2910 tomcat9_9.0.43-2~deb11u12.dsc
 a342114ff38a1c05f4280c0736d10393f6175e90b49a928c2850666ea8d29b5d 69772 tomcat9_9.0.43-2~deb11u12.debian.tar.xz
 b4f7797e21df284ca895ae64b18238dae297d5e6f5b204f18184f171783bb90e 14747 tomcat9_9.0.43-2~deb11u12_amd64.buildinfo
Changes:
 tomcat9 (9.0.43-2~deb11u12) bullseye-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2025-24813:
     It was found that a malicious user was able to view security sensitive
     files and/or inject content into those files when writes were enabled for
     the default servlet (disabled by default) and support for partial PUT was
     enabled (default). Under certain circumstances, depending on the
     application in use, remote code execution may have been possible.
Files:
 5da4892cf6ad7eec178b4abaa26ffcef 2910 java optional tomcat9_9.0.43-2~deb11u12.dsc
 e10faf5910b8e440d37e40685d540f68 69772 java optional tomcat9_9.0.43-2~deb11u12.debian.tar.xz
 36916d4e85e90f09fb1f48d3fdf1a01a 14747 java optional tomcat9_9.0.43-2~deb11u12_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmfsZahfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HktQcQAMmvTCURzQDKDpmOq6vtiyfHVUwjAdOh8Hgj
8I4BkzekLV0sV/DBkK8CiDcpKBeQPc9GsMZBJ2cfpuFb/TH/CSKqQnVz9VHMyA6v
4V8W+w1FWEca331pejVuJ6W8RCZJVJ/GiLDPMLcVebYehVmNyA7r65spA9sd208q
yU+52y1hH5Fqc6JwMg1NNt7S7d5ioDNz3n/+u9HCKllqZyKeH0ptm4KvRv4erwnt
y5cs5moBF+wwsgCb/XZLCaiTbDWA0/rYP9ngcK+y+EYNDlLqZHT9KcRkgbhK9V4n
jNb64tBIi90q5oa1kUUXSycjqIek+xqgUjgbgEe5Q8PZ5jReZx8n0f9UehQABiWh
A6mzFEK+uuSFDW/wCdCyRJHa0UDgE2UQA8kHv6LJRhKgSy7hFN4HkhMpAViq2/lS
zWYBy7xQLYW0xECC8XpIignUynlBzTkUi5Khaxguo8un9p67r/Rnzgw7QD4dg4x4
K9bDJIEWhOSgSzBbQSYoYlj1SFfPTTendFW1owjai13kHuCdinDOyJ89m986QLR6
RmiOo7yMjkNwJhojG2LSns3e5yZXyojBCiT+RjhnOTgNlomOFxmk/w6uWkyV0xLS
MoU+sH/Zevm3rQBZie/MJ+4u+FAG7RnxqChgdRmPocY6KAxsNm04HlcV/guW9uRm
ZCg9ztVQ
=JlJj
-----END PGP SIGNATURE-----

News for package tomcat9