-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 15 Sep 2016 15:20:36 +0200 Source: tomcat7 Binary: tomcat7-common tomcat7 tomcat7-user libtomcat7-java libservlet3.0-java libservlet3.0-java-doc tomcat7-admin tomcat7-examples tomcat7-docs Architecture: source all Version: 7.0.28-4+deb7u6 Distribution: wheezy-security Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Markus Koschany <apo@debian.org> Description: libservlet3.0-java - Servlet 3.0 and JSP 2.2 Java API classes libservlet3.0-java-doc - Servlet 3.0 and JSP 2.2 Java API documentation libtomcat7-java - Servlet and JSP engine -- core libraries tomcat7 - Servlet and JSP engine tomcat7-admin - Servlet and JSP engine -- admin web applications tomcat7-common - Servlet and JSP engine -- common files tomcat7-docs - Servlet and JSP engine -- documentation tomcat7-examples - Servlet and JSP engine -- example web applications tomcat7-user - Servlet and JSP engine -- tools to create user instances Closes: 821391 Changes: tomcat7 (7.0.28-4+deb7u6) wheezy-security; urgency=high . * Team upload. * Fix CVE-2016-1240: tomcat7.init: Protect /var/log/tomcat7/catalina.out against symlink attacks and a possible root privilege escalation. * Do not unconditionally override files in /etc/tomcat7. Change file permissions to 640 for Debian files in /etc/tomcat7/* (Closes: #821391) Checksums-Sha1: 65934ae2f083a2048b4a25150ae7095f32af2356 2766 tomcat7_7.0.28-4+deb7u6.dsc 4b33dfd1cc7a7b6726258420286c56770df90f9b 129310 tomcat7_7.0.28-4+deb7u6.debian.tar.gz 6007a0bc328bb4be57cc4ccdc95e7cc021768f62 64954 tomcat7-common_7.0.28-4+deb7u6_all.deb 032a0337dffa65cfd88a6bd53c262acc602f58c7 52324 tomcat7_7.0.28-4+deb7u6_all.deb de7133a335002c39d594465308e2433a27d2eccd 40230 tomcat7-user_7.0.28-4+deb7u6_all.deb 31e7c2692b009e71b4fbee6e4f7e361e389e57f4 3507352 libtomcat7-java_7.0.28-4+deb7u6_all.deb cb72e147bf66d2acda3d8f005ae372db758c6241 306124 libservlet3.0-java_7.0.28-4+deb7u6_all.deb 4f0908f7e9e9a9b7a133087ce67c337a39fa4e03 319764 libservlet3.0-java-doc_7.0.28-4+deb7u6_all.deb c8b3b1e5b5af7a2582ae80e0de81aedb5814fa8d 52894 tomcat7-admin_7.0.28-4+deb7u6_all.deb 696640ab2b80c8e13dfe6935e8176e84cde3c6c8 206404 tomcat7-examples_7.0.28-4+deb7u6_all.deb a8af5c76f72459c00346f9590f9dec8c29bf006e 648120 tomcat7-docs_7.0.28-4+deb7u6_all.deb Checksums-Sha256: 9f1c78c90c0eb96b3753fce21f539bdfd39ae2ae81b6c73062c32f4deac3c379 2766 tomcat7_7.0.28-4+deb7u6.dsc ab2a4569f22aaa23afb7733f6893c505f772eae63f2186395cef4f86c299f549 129310 tomcat7_7.0.28-4+deb7u6.debian.tar.gz 6ef593e466e82ef54ffa273eabf24bf3b0ceeb3cec99ed10f7a51506feb5a373 64954 tomcat7-common_7.0.28-4+deb7u6_all.deb 8b880a40017bede071b9384b11bafce776d9b6b030f07a2209d82b511b2b0667 52324 tomcat7_7.0.28-4+deb7u6_all.deb bddbc25d292f9d3ba38d7b6fe64a2c60bb77ea219058319d6b4756db620424e1 40230 tomcat7-user_7.0.28-4+deb7u6_all.deb 8f4d8633c83b57f9465c8f149d8bb1962c119bbb80e3780ca371e0e4c16b7dd1 3507352 libtomcat7-java_7.0.28-4+deb7u6_all.deb bce0de5475533453a596e7a56184f0d87958452f21b395e1ce194b7e08015c79 306124 libservlet3.0-java_7.0.28-4+deb7u6_all.deb 6c6cef72e881d8bfd6c779d59bba981f9eeae7ae985cd2036b4cf87b16fed22d 319764 libservlet3.0-java-doc_7.0.28-4+deb7u6_all.deb ddf6839d118962be30c1c0616ed7ab7e49de48209a8aac2f18db8ef931490994 52894 tomcat7-admin_7.0.28-4+deb7u6_all.deb be121f37c170cda4e7c2dfaa2322b81f7ee1ace4b30a8fe9ebed6c6037d92f90 206404 tomcat7-examples_7.0.28-4+deb7u6_all.deb 222cdf4693f6dd97380f40abc4daca71be86ad2aafd45a9f50fac73fec425a1b 648120 tomcat7-docs_7.0.28-4+deb7u6_all.deb Files: 161fc5fc21258d46380b6989c70b04e6 2766 java optional tomcat7_7.0.28-4+deb7u6.dsc 09e06ff07c329498ce7c48659d0d497e 129310 java optional tomcat7_7.0.28-4+deb7u6.debian.tar.gz 60cfdc43049eb5ad4a1da2842c04d937 64954 java optional tomcat7-common_7.0.28-4+deb7u6_all.deb c760a36a82959905391a84d24f0c8c04 52324 java optional tomcat7_7.0.28-4+deb7u6_all.deb b0dbbfa1e677e630bf9125c30f0690d9 40230 java optional tomcat7-user_7.0.28-4+deb7u6_all.deb 166e1d7466086acd30bd8b72be1aec22 3507352 java optional libtomcat7-java_7.0.28-4+deb7u6_all.deb 4b2d258b2834c7cb9dc900bf4bee7763 306124 java optional libservlet3.0-java_7.0.28-4+deb7u6_all.deb 572db9281a29c0d3e30fb023e6c63bba 319764 doc optional libservlet3.0-java-doc_7.0.28-4+deb7u6_all.deb 9738cfd73d586b2b019cd1f96c0f9a02 52894 java optional tomcat7-admin_7.0.28-4+deb7u6_all.deb 895f60e8fb2bd323415038e599600084 206404 java optional tomcat7-examples_7.0.28-4+deb7u6_all.deb 33ac1b440bd5737443905102e445a4af 648120 doc optional tomcat7-docs_7.0.28-4+deb7u6_all.deb -----BEGIN PGP SIGNATURE----- iQKMBAEBCgB2BQJX2rDYXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQTgzNUZE OUFEMTRCOTUxM0I1MUU0DxxhcG9AZGViaWFuLm9yZwAKCRDZrRS5UTtR5CmvD/9d HkPFZchwpd1GztRCwGER1YwWstfwWvq2PrjPrqDUFZFOpHE87fQIVnMRO6p41dgQ CfEDMh3VukLLUaY2diIO+Gbncvtu8nPYqut/BjHhlj3PI1UsJAGDyHeHxvEEeqD3 FjHMpurwIBy4oDx9OAE2clLp9pksoK172Gk0hAdI8+9x+VCN+4dnh+UoS/bS9B6E kYkrMnmEwCjpVbd5IhuAp8ZCPn8nshoacv+b4J2rEb67q/cxTU41mkCSrcBuLyWX nnMamt9PbR41DmB8UwMxzpM89Hf92aA1vXXDrzlLHmeAlr5IJ7Dr8rxw6thOsOKD hnxPPNW8q3DBlPW/OXYTNl+KbxNrJQ2c8pvLjzjuQlXqJpTu5nFePQRE52RW4SKo AUOsP0XVALtJvPZIVsDlDXAJkabC7xkd12VeOzjp2YKUXCPkJjca4ZG9ZdIKiRBq g1aHF6TJY7NdY8rj2NTu2iYTGci1QtXJHY0gKb6+yCEEiSJrtt2RSYt+NYvLo21x MvxNVrAt7vsn+Aimta427X3y1DIsSpCFO8wlVox55flrR3rCABpYRYwVpkzPR2lT If2bLFLx1VA3c+crHDQLMRgQ+LV0aBCUOdwMgAp/F24pXsm/ro98+G22r9GVvPRs AzHmP/5FJ8W2n6VDSI3DV/zHt+ranW+iyDUWYRZBtQ== =8EMe -----END PGP SIGNATURE-----