Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted tomcat9 9.0.107-0+deb11u2 (source) into oldoldstable-security
Date: Thu, 05 Feb 2026 12:20:24 +0000
Signed by: Markus Koschany <apo@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu,  5 Feb 2026 13:02:30 CET
Source: tomcat9
Architecture: source
Version: 9.0.107-0+deb11u2
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
 bd40d304324f1fbc15d152d97bde4047a8b32424 2971 tomcat9_9.0.107-0+deb11u2.dsc
 30a7d77379f3fd944bccda5066021c03e5286327 5028940 tomcat9_9.0.107.orig.tar.xz
 b7d444e88bfb9e893e74352e05845120e8910eab 97532 tomcat9_9.0.107-0+deb11u2.debian.tar.xz
 129f03ac4594f9a1db25316345e057e27912ceb7 14785 tomcat9_9.0.107-0+deb11u2_amd64.buildinfo
Checksums-Sha256:
 7e3632582ae12a65137cf1bb0e6eb24721061669bdc842caabaa833ad8be42e0 2971 tomcat9_9.0.107-0+deb11u2.dsc
 6b46d20347b728c1b86175a4482dfd2e46d98a08eb9a6881935feeb06b15b7cc 5028940 tomcat9_9.0.107.orig.tar.xz
 8498d69e10ad01e00a2f68aa26a2b60b990c03bb6169dd3afb3558116302a9a2 97532 tomcat9_9.0.107-0+deb11u2.debian.tar.xz
 9e94f37712a2c79f5c47a75422f51f95d6bd5c8f6da27641a0ec22f1743f622b 14785 tomcat9_9.0.107-0+deb11u2_amd64.buildinfo
Closes: 1114028
Changes:
 tomcat9 (9.0.107-0+deb11u2) bullseye-security; urgency=medium
 .
   * Team upload.
   * Fix a regression introduced by the last upload and look for OpenJDK 17
     again. (Closes: #1114028)
   * Add a autopkgtest to detect possible OpenJDK 17 regressions. Thanks to
     Santiago Ruano Rincón for the patch.
   * Fix CVE-2025-61795: denial of service due to incorrect processing of
     multipart uploads
   * Fix CVE-2025-55754: insufficient escape of ANSI escape sequences in log
     messages
   * Fix CVE-2025-55752: path traversal vulnerability due to a bug in rewrite
     rules
Files:
 daf399d1ffcc5a8c15093eb83905649e 2971 java optional tomcat9_9.0.107-0+deb11u2.dsc
 fa431cd1265863a9275a3837b1eb2823 5028940 java optional tomcat9_9.0.107.orig.tar.xz
 cafdf75c0391a8879e1e570b841944d9 97532 java optional tomcat9_9.0.107-0+deb11u2.debian.tar.xz
 a258e3f180ec213f4eaac8bb32363d29 14785 java optional tomcat9_9.0.107-0+deb11u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmmEhtxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkYoQQAJKKFG2V1dwTnyVOT4q7q2gjzxO+bIgTDLLW
jS4npxKQEVe+/m+plCT1OVH0gwplVJTmdlLybLvut/04MMoRkw5f3ScJZw5sM1Gx
Yz1X+hkN8l7uUvDvdkt8S0sL74S/gqBqAkQqu4y5eVnV82BickCquVTqfjjkZK5g
mFkfYGjJiXVHd45QwROzNoHPTIlN8OYIYhFMxMXpmkhEEPHzXcWgNYKKaW8b0fo/
hpz4eSY1Vz5UVsO74cmYBWRKlJ5AJtMNKPV0yadjQLGZEsXKraXKgWwe6CcFy+BN
u3Hr5NF7tICNHQoFZzjH36vTtAOMbwtiG4norkK/ZQlZKjMKGwnt/zyU2hobOFTp
Mtc4Ja/FG2RtGto+2K9zx1rBjNzdNw9Bs+I+Qh8LjGxO+0N0ZH2LnCzbTjUeUb44
ZIdKflavJQVY6UI6GiYwWFRsuriLFEPTe3HC4J7O+VB7Vk+TdO3l8dy3Gg4KVemE
2b+9lUah+EigrkfNDlXmsoQkcd6zt9XFwCWC8tsP39rCe4XAq1XZinm7ZIANyUYW
WonWb3+ggy+QSKptm9nBE6qyERGXoWxT5jtVFHHCuziM7Ron+pGbdqUC8Zcetpo2
wbQl30x5zlzi18oElNVMprPgqqrSR8EGlJnsAGGKEty6C/1/c1VUjOzBlLowx4Hb
9C3Ek5yx
=E9g9
-----END PGP SIGNATURE-----

News for package tomcat9