-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 14 Sep 2016 10:20:28 +0200 Source: tomcat8 Binary: tomcat8-common tomcat8 tomcat8-user libtomcat8-java libservlet3.1-java libservlet3.1-java-doc tomcat8-admin tomcat8-examples tomcat8-docs Architecture: source all Version: 8.0.36-3 Distribution: unstable Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Emmanuel Bourg <ebourg@apache.org> Description: libservlet3.1-java - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API classes libservlet3.1-java-doc - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API documenta libtomcat8-java - Apache Tomcat 8 - Servlet and JSP engine -- core libraries tomcat8 - Apache Tomcat 8 - Servlet and JSP engine tomcat8-admin - Apache Tomcat 8 - Servlet and JSP engine -- admin web application tomcat8-common - Apache Tomcat 8 - Servlet and JSP engine -- common files tomcat8-docs - Apache Tomcat 8 - Servlet and JSP engine -- documentation tomcat8-examples - Apache Tomcat 8 - Servlet and JSP engine -- example web applicati tomcat8-user - Apache Tomcat 8 - Servlet and JSP engine -- tools to create user Changes: tomcat8 (8.0.36-3) unstable; urgency=high . * Team upload. * Fixed CVE-2016-1240: A flaw in the init.d startup script allows local attackers who have gained access to the server in the context of the tomcat user through a vulnerability in a web application to replace the catalina.out file with a symlink to an arbitrary file on the system, potentially leading to a root privilege escalation. Thanks to Dawid Golunski for the report. * Removed the default 128M heap limit (LP: #568823) * Depend on taglibs-standard instead of jakarta-taglibs-standard Checksums-Sha1: bc36375936c6a23b0c641c714afca8cf1a9ba4ff 2811 tomcat8_8.0.36-3.dsc 07338c289832ca8b98f9bdeb21a3b7cb41f52e5d 38940 tomcat8_8.0.36-3.debian.tar.xz b3cd3b9c3b65112ed16496b4dbe625d6db3bb81f 239708 libservlet3.1-java-doc_8.0.36-3_all.deb 881cf16bb7eb0776386c3a5ddaa082de11b80940 391304 libservlet3.1-java_8.0.36-3_all.deb daf058693d2ca3bc98a73873a42781f13a48c0de 4675770 libtomcat8-java_8.0.36-3_all.deb a024d4e343f1b65248db4eaa4c0f1e0323ce15da 34458 tomcat8-admin_8.0.36-3_all.deb 445506e7b8f10bef6aae8709a86ca5c3a6691400 57122 tomcat8-common_8.0.36-3_all.deb 8511746cf0be91c9aff0fbe0389828dd10bf3481 744954 tomcat8-docs_8.0.36-3_all.deb 24f9f4fc71313405164fe81f75ef9233208f7fd9 190940 tomcat8-examples_8.0.36-3_all.deb 48c6f00965eb393aba13cbc852f5b189005d88b8 34224 tomcat8-user_8.0.36-3_all.deb 2abf2374a77f22a6e1c7ae1e69e412aac66e3d7b 45818 tomcat8_8.0.36-3_all.deb Checksums-Sha256: b6d784dbff3661e732da6ccd50d05f61d3f175ec5b535df586da5defdb78d8cd 2811 tomcat8_8.0.36-3.dsc a4a1c4d351d68a31a56574348129613d80fa0cf2a681ffee9292cf902e8bbda2 38940 tomcat8_8.0.36-3.debian.tar.xz 944224c65e1a7f6ff96c1fce5648ee6cea7cf7240c7d5e0b688513bc17b49aa1 239708 libservlet3.1-java-doc_8.0.36-3_all.deb b1bdbbd62c832de9d41ee97bcadb5038ad880e4b1d05327a33f0d75426f5d38b 391304 libservlet3.1-java_8.0.36-3_all.deb ffa8cc4fc55d1072800e9135ac09ebe88ab162ea1e23b09166bf6b30358957a8 4675770 libtomcat8-java_8.0.36-3_all.deb 67b444c750103b08690cc74f13662b17a42e881bd704e11a4ad730d520e7a6d0 34458 tomcat8-admin_8.0.36-3_all.deb 8f1529417882a37b4823b34a7d2d1a2cba65a5bb2e06a25351ee75d4bd2f7ebd 57122 tomcat8-common_8.0.36-3_all.deb 64e5d1e4db3cda81237f724ebc19dae0d8d61325b9b01e1534e975663067db40 744954 tomcat8-docs_8.0.36-3_all.deb c7350bc89ac7c93978a49bde2027267ad3146bfed6e244bd24d796a9f7f5b74f 190940 tomcat8-examples_8.0.36-3_all.deb a0551d67067f0c7cc77920db55faa52d68c58ad2824cdb351f954673cefcad71 34224 tomcat8-user_8.0.36-3_all.deb 13b31ae042c303b2f382b377e31b9ae20b8a45e02043ba1c0b26d2e7cf22a3a2 45818 tomcat8_8.0.36-3_all.deb Files: 37e8061c42f81737604d1f9ef82da216 2811 java optional tomcat8_8.0.36-3.dsc bc8d9bbaf5dbed4be1eaef9e1c4e14b2 38940 java optional tomcat8_8.0.36-3.debian.tar.xz c44823ac788acfa21cdc1785493fa92d 239708 doc optional libservlet3.1-java-doc_8.0.36-3_all.deb e1d801e18e928649f8f19f542d2e1c5b 391304 java optional libservlet3.1-java_8.0.36-3_all.deb 0e2cf50d2dc7842fe7737d9948a3d90b 4675770 java optional libtomcat8-java_8.0.36-3_all.deb 6a4188abbcf1519faba4ea8b4c21693b 34458 java optional tomcat8-admin_8.0.36-3_all.deb c2baa11eb124d9fa28e00db9bfe7eeae 57122 java optional tomcat8-common_8.0.36-3_all.deb 9d7c6bbce28a0add16aa438669214bd4 744954 doc optional tomcat8-docs_8.0.36-3_all.deb f5383c09d960cdbb43e1de8f6e408df6 190940 java optional tomcat8-examples_8.0.36-3_all.deb ff8a0b4ba5f7ca8cab00e9fb47dc406e 34224 java optional tomcat8-user_8.0.36-3_all.deb f38c8ea678915475a48784ac8ab01989 45818 java optional tomcat8_8.0.36-3_all.deb -----BEGIN PGP SIGNATURE----- iQIcBAEBCAAGBQJX2Q6kAAoJEPUTxBnkudCsPrIQAMIAjhKJgL3yx6JUFtSIKPyt jKeK/pi6DG0JGhMnRTgyg+tOwa0dGfgA4WQg0NW3IKLL94a09/nHcYkVZ3MgwAa8 KYlVBe9XxP6uZqzYWMXIiNHMhTQZ0IS0kb2cqmYWdB0j2qPQfjYA0oUpPt3CTE3f fYZgVUAQZPJD8NTjDbd154lDkjMEnn69Khzin7HRlOZS57HnUwyYFIixLY/F8Mfx QwdftGmxd8O3qsoXvC7jq0MQYx9pih0nbZmtfflg2viS1i+0xNUqBLJVqeA+Ch0l 8wBC6wP32WsL84Nd6g7GSbZJYusuhc6WF4bxOkcNCHP1FYDLsFLlaFzsYIfy9Tcv iEpXeSCQpk67gHf5TcEqFtaMNMVeV6m3GQ/HmNpWLUsYE+EgOAErhvrBY4aGawWC F+/frQ/mjWVGN8ZzPo3MoNnwGHT3WXYwmAMJZnm+24uEiUITS63+lEr4TAo+eLwc Kb1N35D3Vuboi2N8q9Ld25wfcxMzC7/txGMP0URlkHfCRwQt9rQ++m7sOHoIPdcL XpgeTZ8xfRZEA4U8LA5pSt8khg00SpMl/Wv+Bjb50rOtL1jM37zNlOWR2tgDESZD 7c9YrYkbosM4rg7IV71YZDOttTkZaNE1DiN1TULl9iXZlirJTnbd7XkQdFBrILk+ 8aWHgQqtigGz2tpHBiq/ =b9Oa -----END PGP SIGNATURE-----