Format: 1.8
Date: Fri, 28 Oct 2016 01:34:22 +0200
Source: tomcat7
Binary: tomcat7-common tomcat7 tomcat7-user libtomcat7-java libservlet3.0-java libservlet3.0-java-doc tomcat7-admin tomcat7-examples tomcat7-docs
Architecture: source all
Version: 7.0.72-2
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Emmanuel Bourg <ebourg@apache.org>
Description:
 libservlet3.0-java - Servlet 3.0 and JSP 2.2 Java API classes
 libservlet3.0-java-doc - Servlet 3.0 and JSP 2.2 Java API documentation
 libtomcat7-java - Servlet and JSP engine -- core libraries
 tomcat7 - Servlet and JSP engine
 tomcat7-admin - Servlet and JSP engine -- admin web applications
 tomcat7-common - Servlet and JSP engine -- common files
 tomcat7-docs - Servlet and JSP engine -- documentation
 tomcat7-examples - Servlet and JSP engine -- example web applications
 tomcat7-user - Servlet and JSP engine -- tools to create user instances
Changes:
 tomcat7 (7.0.72-2) unstable; urgency=high
 .
   * Team upload.
   * CVE-2016-1240 follow-up:
     - The previous init.d fix was vulnerable to a race condition that could
       be exploited to make any existing file writable by the tomcat user.
       Thanks to Paul Szabo for the report and the fix.
     - The catalina.policy file generated on startup was affected by a similar
       vulnerability that could be exploited to overwrite any file on the
       system. Thanks to Paul Szabo for the report.
   * Hardened the init.d script, thanks to Paul Szabo
   * Switch to debhelper level 10