-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 28 Oct 2016 01:17:23 +0200 Source: tomcat8 Binary: tomcat8-common tomcat8 tomcat8-user libtomcat8-java libtomcat8-embed-java libservlet3.1-java libservlet3.1-java-doc tomcat8-admin tomcat8-examples tomcat8-docs Architecture: source all Version: 8.0.38-2 Distribution: unstable Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Emmanuel Bourg <ebourg@apache.org> Description: libservlet3.1-java - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API classes libservlet3.1-java-doc - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API documenta libtomcat8-embed-java - Apache Tomcat 8 - Servlet and JSP engine -- embed libraries libtomcat8-java - Apache Tomcat 8 - Servlet and JSP engine -- core libraries tomcat8 - Apache Tomcat 8 - Servlet and JSP engine tomcat8-admin - Apache Tomcat 8 - Servlet and JSP engine -- admin web application tomcat8-common - Apache Tomcat 8 - Servlet and JSP engine -- common files tomcat8-docs - Apache Tomcat 8 - Servlet and JSP engine -- documentation tomcat8-examples - Apache Tomcat 8 - Servlet and JSP engine -- example web applicati tomcat8-user - Apache Tomcat 8 - Servlet and JSP engine -- tools to create user Closes: 762916 Changes: tomcat8 (8.0.38-2) unstable; urgency=high . * Team upload. * CVE-2016-1240 follow-up: - The previous init.d fix was vulnerable to a race condition that could be exploited to make any existing file writable by the tomcat user. Thanks to Paul Szabo for the report and the fix. - The catalina.policy file generated on startup was affected by a similar vulnerability that could be exploited to overwrite any file on the system. Thanks to Paul Szabo for the report. * Install the extra jar catalina-jmx-remote.jar (Closes: #762916) * Added the new libtomcat8-embed-java package containing the libraries for embedding Tomcat into other applications. * Switch to debhelper level 10 Checksums-Sha1: 8868bf1be8813f8f38f780bc0956b8bb54cd91f8 2890 tomcat8_8.0.38-2.dsc ebb7208e62275ba341e11e6b77ed38803d9e714a 39304 tomcat8_8.0.38-2.debian.tar.xz f9cd535d6775b0ef2f5668d798cee23e575abe94 240184 libservlet3.1-java-doc_8.0.38-2_all.deb 34943df71725e89d5ad01600686cf92efd8d34e6 391564 libservlet3.1-java_8.0.38-2_all.deb 526a70a13ba8da3358d1bdf19b498ffd6b950b7d 3747132 libtomcat8-embed-java_8.0.38-2_all.deb 2f1313109dd79276ccd736b33f6b57cb68996e54 4699572 libtomcat8-java_8.0.38-2_all.deb f6794dfb770d40a3b80a26938736f3d78f08482d 34876 tomcat8-admin_8.0.38-2_all.deb 21731a01081a7efb6631934af15b85a9e1bfc0b7 60344 tomcat8-common_8.0.38-2_all.deb 6cea58b1ba594d1204c1a40a5c8cad270c8aec69 750928 tomcat8-docs_8.0.38-2_all.deb a27ca5ae3b02264afd96432f44dd06abc05931d1 191418 tomcat8-examples_8.0.38-2_all.deb 97de5c2b6b2e514f5c13b940c4295ef7915d23b0 34594 tomcat8-user_8.0.38-2_all.deb 95b8b18812f4ce89d1546bdb913fd575c63caf07 46286 tomcat8_8.0.38-2_all.deb Checksums-Sha256: b1bf52d124ba4228e55428c025c68d43af510fac9aff0be0b3a597e0563605d3 2890 tomcat8_8.0.38-2.dsc 405d2ac4559d0f48cd665503b619d309b2e0c962a8a34f17dc76efca443dfcf2 39304 tomcat8_8.0.38-2.debian.tar.xz 123b8080dd13085d3d1d33405b21a88cf639cddcdc880be762362ff64be5a911 240184 libservlet3.1-java-doc_8.0.38-2_all.deb bdc27efd12c42ed530171e85da0ded3ab282f98ea76d95e5ce17203dce0ef575 391564 libservlet3.1-java_8.0.38-2_all.deb 2a40f9fe9f0dae1240f4d55a296afebef07a7dcc051aefcfa847cd6e7bee247b 3747132 libtomcat8-embed-java_8.0.38-2_all.deb 305ce5024960c201aca2ae5b8cd739096ee1a510d85d60edc87c7a5161d9c13d 4699572 libtomcat8-java_8.0.38-2_all.deb df0e5457b98dd071e9d056130716bd4235bbd6d01df5194b11b197f903e59a09 34876 tomcat8-admin_8.0.38-2_all.deb 6dcc5340ae33b576c5cf17f147b6c1821de4c7817790f6cf09d899d1cd69658b 60344 tomcat8-common_8.0.38-2_all.deb 3572db47ba5de03933d50646a0ce781b196393bb5c4fc50df388af6bbd0de929 750928 tomcat8-docs_8.0.38-2_all.deb 5e373b75a1e9520e07bb12c1805c72b07599b0d508bcf6b81d96e74569e5a7ae 191418 tomcat8-examples_8.0.38-2_all.deb 70d14c34ff4b58596e5324e8cc377ad6384b3e9347010467a32d590907b21d6e 34594 tomcat8-user_8.0.38-2_all.deb 18a606432b080d6bb24ebfd7d7c53365f94f2055bc55cdd4ebcd246149f88753 46286 tomcat8_8.0.38-2_all.deb Files: 661a62fcba9557569aec405bb824e502 2890 java optional tomcat8_8.0.38-2.dsc 28ad287eae0feafbfbd303e09afeb5ee 39304 java optional tomcat8_8.0.38-2.debian.tar.xz 1e1912983e8b86228bc11e5ee5dc4c22 240184 doc optional libservlet3.1-java-doc_8.0.38-2_all.deb 30f4db7854f725c2756f12124465834d 391564 java optional libservlet3.1-java_8.0.38-2_all.deb 909a5c1714b443f1f44c70b105f1bffa 3747132 java optional libtomcat8-embed-java_8.0.38-2_all.deb 19696bac042c1c9d74485c8c79090b76 4699572 java optional libtomcat8-java_8.0.38-2_all.deb 182619ac7a8fe926609417cbd6bae43f 34876 java optional tomcat8-admin_8.0.38-2_all.deb 9bf08a7f805716144e90d6c9091af08e 60344 java optional tomcat8-common_8.0.38-2_all.deb 0dedf08dd389b1cc8975d98b94570008 750928 doc optional tomcat8-docs_8.0.38-2_all.deb bf1848b6ca12e8b2e13db0f4b455c3d7 191418 java optional tomcat8-examples_8.0.38-2_all.deb bd6bcf498dec47800901bf874c1eeaa1 34594 java optional tomcat8-user_8.0.38-2_all.deb f0adc81d73ba4869c62db6c8a14677c1 46286 java optional tomcat8_8.0.38-2_all.deb -----BEGIN PGP SIGNATURE----- iQIcBAEBCAAGBQJYEoxJAAoJEPUTxBnkudCsrYMP/RvHlDDlT0jefH+ioRVSqvYj LV0L9BblfMPgR0+Qjy3STED0aCPRA76K3G7khPFPAnV7Mh9SU7mzTK/cT17l18mx IhQthffyrgCqdgR/u0OhgUmfA2j4p9PHt6AaV2Br1LBkLogdKTywsWGpGazxeQF2 ThsFePR6Nc8HP66IlJD7ScwLJ9Fu9BNCbG6QxOYEJT3A/YmC9kihlXdWg04L2JLv JxQxbQf8yo89HhS7lz2Sp3BIJEK2RGudOBgxLX05LRvQIVhYtSnSP1CYH82TV+Y0 WQhXXWoI+2TuOHA2oMQgR/wBqhq8YvVhxFwu0UHoz7E8kbVOzAs6Gek91tHAtZJy RGutts4efKEKIvFRBSeooYPs+EaAXzrHu17Ks8t6+3sAQ2ezoTYWVLDWDRE8QZVA kN9i9kpZP6+dMRSSGcuQlhjwn2NDLgFFr2OnWDeqFUxPunYyUyIFnEb02ad7EvE0 u2XZOpiuTyEAXyUFRMNr4e422wVN7cSoZeuiyVrQWzmSKv94p5iHY0gS1I0Oeq72 sSkk+nA7CYAbudWq7Z+9q8TPep6vjsMEyD37BAgXp0sgor0htMmzWXFiiTmv9QWA RKZdhpuSYhWIt5z6rOexGIx8a0NP7pLdo5I/chrClowbBYFyWLbiHOa5/oj5LgDV Ta9qEVp4GSdsJv6KC0ko =7+k2 -----END PGP SIGNATURE-----