-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 11 Jan 2016 12:38:23 +0100
Source: tomcat7
Binary: tomcat7-common tomcat7 tomcat7-user libtomcat7-java libservlet3.0-java libservlet3.0-java-doc tomcat7-admin tomcat7-examples tomcat7-docs
Architecture: source all
Version: 7.0.28-4+deb7u3
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Emmanuel Bourg <ebourg@apache.org>
Description:
 libservlet3.0-java - Servlet 3.0 and JSP 2.2 Java API classes
 libservlet3.0-java-doc - Servlet 3.0 and JSP 2.2 Java API documentation
 libtomcat7-java - Servlet and JSP engine -- core libraries
 tomcat7    - Servlet and JSP engine
 tomcat7-admin - Servlet and JSP engine -- admin web applications
 tomcat7-common - Servlet and JSP engine -- common files
 tomcat7-docs - Servlet and JSP engine -- documentation
 tomcat7-examples - Servlet and JSP engine -- example web applications
 tomcat7-user - Servlet and JSP engine -- tools to create user instances
Changes:
 tomcat7 (7.0.28-4+deb7u3) wheezy-security; urgency=high
 .
   * Team upload.
   * Fixed CVE-2014-7810: Malicious web applications could use expression
     language to bypass the protections of a Security Manager as expressions
     were evaluated within a privileged code section.
   * Fixed CVE-2014-0099: Check for overflow when parsing the request content
     length header. This exposed a request smuggling vulnerability when Tomcat
     was located behind a reverse proxy that correctly processed the content
     length header.
   * Fixed CVE-2013-4444: Remove serialization support from FileItem to
     prevent a remote code execution vulnerability in very limited
     circumstances.
   * Fixed CVE-2014-0075: Malformed chunk size as part of a chunked request
     could enable the streaming of an unlimited amount of data to the server,
     bypassing the various size limits enforced on a request. This enabled
     a denial of service attack.
   * Fixed CVE-2014-0227: Add an error flag in ChunkedInputFilter to allow
     subsequent attempts at reading after an error to fail fast. This prevents
     remote attackers from conducting HTTP request smuggling attacks or
     causing a denial of service by streaming data with malformed chunked
     requests.
   * Fixed CVE-2014-0230: Add a new limit for the amount of data Tomcat will
     swallow for an aborted upload. This prevents remote attackers from
     causing a denial of service (thread consumption) via a series of aborted
     upload attempts.
Checksums-Sha1:
 ff165fdc4c9f1d2180a6a7c3a3b1bdf0e6f8fa08 2645 tomcat7_7.0.28-4+deb7u3.dsc
 cb25b647f297663c30bf20b5e49cf46f45bc2831 105422 tomcat7_7.0.28-4+deb7u3.debian.tar.gz
 08d06711d9067789a0948b1f99d45334588211c8 61260 tomcat7-common_7.0.28-4+deb7u3_all.deb
 455549997df0a281fc8b7f1ba3717db90f34ee50 50408 tomcat7_7.0.28-4+deb7u3_all.deb
 113a59a4686c860a9be5307290d2c159af135bb5 38986 tomcat7-user_7.0.28-4+deb7u3_all.deb
 cee0a2c45781f7c50a24eca765bab470f9b8a011 3501052 libtomcat7-java_7.0.28-4+deb7u3_all.deb
 d51b41a2c28889f90422496a9c0b85ec07f96aba 305092 libservlet3.0-java_7.0.28-4+deb7u3_all.deb
 c432fe5990dfcb11eae863c99c936e40a971ff59 302038 libservlet3.0-java-doc_7.0.28-4+deb7u3_all.deb
 04afeecb76f58f8925ccf3f267761c3eb6fba55f 51378 tomcat7-admin_7.0.28-4+deb7u3_all.deb
 5defbe79deebf8cf4346203996f1795411934079 201624 tomcat7-examples_7.0.28-4+deb7u3_all.deb
 5538be8c8d0149e7af082a719595390d8b4461a1 647416 tomcat7-docs_7.0.28-4+deb7u3_all.deb
Checksums-Sha256:
 c0a33f44259c0bb6da6a730050ba90c43c36b4f33f66cc46b041de40978e956f 2645 tomcat7_7.0.28-4+deb7u3.dsc
 483d6dbd5b29e6c5ff44d93104042adf57f3c3e9657be030f3ca18563bfbb738 105422 tomcat7_7.0.28-4+deb7u3.debian.tar.gz
 dfdcfbd3e7d1c2eb910d90d97775f7110f1af2a023918867e3488fd27f72f9db 61260 tomcat7-common_7.0.28-4+deb7u3_all.deb
 477783c136b4b0a7fe3a6338fa956873c53ce70b04a802b0c0f8ffffe692faaf 50408 tomcat7_7.0.28-4+deb7u3_all.deb
 c0a620eeb5806a55c3c3fc378ca2c5bb12f3b50c4e44df86ba6a541e4e5381e3 38986 tomcat7-user_7.0.28-4+deb7u3_all.deb
 97ef8316c1936731adc403029d1f1098007f611f4dddc1c4159390956bdce70c 3501052 libtomcat7-java_7.0.28-4+deb7u3_all.deb
 f98aedbf0f296ebe0cc3a25ba1e8eca3bcbc59276f4052c90fefe3f8696cfca3 305092 libservlet3.0-java_7.0.28-4+deb7u3_all.deb
 57d6f79dab613865f2f38859eda910e992cdebb8fd607477a33aae2792dbf40c 302038 libservlet3.0-java-doc_7.0.28-4+deb7u3_all.deb
 9c43cc7a66cb249db4d6027aed766e3babadf8b50ac211d6da8deeaa7554858a 51378 tomcat7-admin_7.0.28-4+deb7u3_all.deb
 a63c0cd87c96225e09aaab976dd72db6c138975c50c3cd6820132c1fbe96e671 201624 tomcat7-examples_7.0.28-4+deb7u3_all.deb
 8fd38037bc0a23368c8646574d38e9e619686edd3ff810eab79262766242cd46 647416 tomcat7-docs_7.0.28-4+deb7u3_all.deb
Files:
 0c55247ee9ae7a71f707d7462d470ecd 2645 java optional tomcat7_7.0.28-4+deb7u3.dsc
 e15b76034d914449f3078857a29382c9 105422 java optional tomcat7_7.0.28-4+deb7u3.debian.tar.gz
 180ed07180d1968f4a834c7c50b99aad 61260 java optional tomcat7-common_7.0.28-4+deb7u3_all.deb
 90ab6c6a75d807f38b69cad205f2e920 50408 java optional tomcat7_7.0.28-4+deb7u3_all.deb
 4d5fad06e665745a002c50744835e752 38986 java optional tomcat7-user_7.0.28-4+deb7u3_all.deb
 546daeb73ca0860d2e74677a531561bc 3501052 java optional libtomcat7-java_7.0.28-4+deb7u3_all.deb
 d930497fda41f8b1d7f5f12d01c2b07a 305092 java optional libservlet3.0-java_7.0.28-4+deb7u3_all.deb
 afc6a24c369258a301711a0f9d0ca1c4 302038 doc optional libservlet3.0-java-doc_7.0.28-4+deb7u3_all.deb
 e3ad44f43ac5f4d440d14d77bc553294 51378 java optional tomcat7-admin_7.0.28-4+deb7u3_all.deb
 bbb5299da82a4fc17e181b0d5e3babe1 201624 java optional tomcat7-examples_7.0.28-4+deb7u3_all.deb
 89ac5898458784efd11259207a77e491 647416 doc optional tomcat7-docs_7.0.28-4+deb7u3_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJWk5hAAAoJEPUTxBnkudCszw8P/0B4M77ycaftVt1pnv1052s4
BOMgJc7xaqaDqI8vEfT6KsMRspmCaoCsR6IVSO8a+IiRqzIUuLnFMufBsLFJe6rJ
C8FpKstAyoS2gqaxQixwoxbkrdUqyT6zB3efQ4bk09e7VEzkzsoLvBsTXTJlOqb3
DTE0eGvEZszbHy/lb/Fzyc662F16WMTOv6sn+AopHnzibTRWyaVPymNgdvAfZbwD
pe7o8TVtEQ04xSMN5oa0PXghCxjqgQQwFUovQVxv2fgE6GSA4UYFr/1SDt6zQ5vU
PCrNP/rh7o5rWCNJjdjg+E6bffs9XdoVBIhIn/cfSlVvXpsL2LIawIkd2fTk2YmC
efr5vQUoFd2JN92TjAvnpEeeaVEsaQ7srIrx9vKgx23BZLkDGrk1wQFVwmmdAA4z
I3bquiZ9ts8qPjaWaPOSKJ4OGz6OTpRJQkk68hx+niBqh1foysSKGVqcy0IUZWWE
ASV8oSHCONDkh4a4VFta3TcKXAwospsWdKYHfHM9ENQsn/6oOXOLERn00M9Xi+hL
oE5dDmIQ0cVCSZRU6vzvMcuUsiKWbpqYMLRj5x4ufLhkNjsoOkzQnRS5tCBnL6o4
2pFw9++D9EXc2kJKUU/bEsNWk4f9N4GzmiVAqODdKnfvO2E+ntD+bs5GPXHklMda
mzBaaGapVN+CdYhNz69F
=D4PK
-----END PGP SIGNATURE-----