-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 18 Dec 2016 19:49:02 +0100 Source: tomcat7 Binary: tomcat7-common tomcat7 tomcat7-user libtomcat7-java libservlet3.0-java libservlet3.0-java-doc tomcat7-admin tomcat7-examples tomcat7-docs Architecture: source all Version: 7.0.28-4+deb7u8 Distribution: wheezy-security Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Markus Koschany <apo@debian.org> Description: libservlet3.0-java - Servlet 3.0 and JSP 2.2 Java API classes libservlet3.0-java-doc - Servlet 3.0 and JSP 2.2 Java API documentation libtomcat7-java - Servlet and JSP engine -- core libraries tomcat7 - Servlet and JSP engine tomcat7-admin - Servlet and JSP engine -- admin web applications tomcat7-common - Servlet and JSP engine -- common files tomcat7-docs - Servlet and JSP engine -- documentation tomcat7-examples - Servlet and JSP engine -- example web applications tomcat7-user - Servlet and JSP engine -- tools to create user instances Closes: 845393 845425 Changes: tomcat7 (7.0.28-4+deb7u8) wheezy-security; urgency=high . * Non-maintainer upload by the LTS team. * Add CVE-2016-5018-part2.patch and fix a regression when using Jasper with SecurityManager enabled. * Update CVE-2016-6797-part2.patch and fix a regression in ResourceLinkFactory.java. (Closes: #845425) * Fix CVE-2016-9774: Privilege escalation when the package is upgraded. (Closes: #845393) * Update CVE-2015-5345.patch and enable the use of the mapperContextRootRedirectEnabled and mapperDirectoryRedirectEnabled attributes on a context. Checksums-Sha1: f4fba5d2a326f5afa8d3445172d678f4e6a767fa 2795 tomcat7_7.0.28-4+deb7u8.dsc 0dec8069b2a51ca0512c1c46681aeb2d0e0f0332 185156 tomcat7_7.0.28-4+deb7u8.debian.tar.gz 9c9ed2c7f36397f4c8bfe0bf5decb96d3f228bb5 65976 tomcat7-common_7.0.28-4+deb7u8_all.deb ed386efa1102d312ce7751f8130cbd8ad36d5a48 53228 tomcat7_7.0.28-4+deb7u8_all.deb aba321bdc971262db7e9d4bd0f0e0e9210f5f3ba 41212 tomcat7-user_7.0.28-4+deb7u8_all.deb 77aa7628cdf3d9dd3b0e4286c4eea57542128bd6 3503624 libtomcat7-java_7.0.28-4+deb7u8_all.deb 86f3c5fbe7d8126d9887ab2e0b98dc90730213bf 307204 libservlet3.0-java_7.0.28-4+deb7u8_all.deb b2d15403b4ccd942ab138a29eeccccebda7c292d 320878 libservlet3.0-java-doc_7.0.28-4+deb7u8_all.deb dfe2ac6ba4b9dad3d88a28ed7e2d9082aead2567 53872 tomcat7-admin_7.0.28-4+deb7u8_all.deb b3125354d4844bec95dd5cc14eff7de043a8ec2e 207408 tomcat7-examples_7.0.28-4+deb7u8_all.deb 5e95b27385f4906cacd1db2e760f619aeb73b6d2 648842 tomcat7-docs_7.0.28-4+deb7u8_all.deb Checksums-Sha256: d65fedf7eede8d13588ec8530d9c917d8fbd3d78bffaaa1eb2876e388d12ece3 2795 tomcat7_7.0.28-4+deb7u8.dsc 47e044cf3e0f564bd79b883f3647fb074f647318898d1e64a0f67ace328f504f 185156 tomcat7_7.0.28-4+deb7u8.debian.tar.gz 89484d97d36d1e81b9208ac0172c3620d155d1feb1a2a82a1e7cb231522cce2f 65976 tomcat7-common_7.0.28-4+deb7u8_all.deb b0a6c10e8df4f75d9e240f0b9409e56d96c8d51cd1516bd6dca2a78593993f19 53228 tomcat7_7.0.28-4+deb7u8_all.deb cb52465090d2a8453e86e021038d90ebfd40e8b04e3f02920e00316f93b5947a 41212 tomcat7-user_7.0.28-4+deb7u8_all.deb f6a9152081e57eb91169fa380044e68c062042feaa81015bfe1593ced3bf510b 3503624 libtomcat7-java_7.0.28-4+deb7u8_all.deb 3ae08ce4ec8b767016911219c7f8539fa346bd63a10cd569e67f67881010fac5 307204 libservlet3.0-java_7.0.28-4+deb7u8_all.deb 512a2950905850f933c7f308cbdcd7f28391460911a6b94bb5bf0f13e3164c0f 320878 libservlet3.0-java-doc_7.0.28-4+deb7u8_all.deb 1701bf70e99e7cf65a475b08efcf2157a329ee6deaa5ace2be3b2ca611763ecb 53872 tomcat7-admin_7.0.28-4+deb7u8_all.deb 54ff0452d447f4280994b4560a66dc2b7b557a23e36ca01ee02ccb062fe2a6e7 207408 tomcat7-examples_7.0.28-4+deb7u8_all.deb 6fcd1be33815fb0b6959aed0d059ce0b7ce5f2f09bdf440857f1e90be67214a2 648842 tomcat7-docs_7.0.28-4+deb7u8_all.deb Files: e9b1e34edd19dfd5abc76ae974d58abd 2795 java optional tomcat7_7.0.28-4+deb7u8.dsc 4117ecb2351d11d6aa62b5c84f5f7a12 185156 java optional tomcat7_7.0.28-4+deb7u8.debian.tar.gz c58daac60f9cd5c500126ec3ca1a1ee3 65976 java optional tomcat7-common_7.0.28-4+deb7u8_all.deb e8ae59df552719463d7a0a5e0a72ed05 53228 java optional tomcat7_7.0.28-4+deb7u8_all.deb d2e3ad13c8ab1b42aef1c645c3f9ffed 41212 java optional tomcat7-user_7.0.28-4+deb7u8_all.deb ca7a438173418a804e7ab58cb623536a 3503624 java optional libtomcat7-java_7.0.28-4+deb7u8_all.deb 011d4566c8c7d5f8f65b1d308fc35962 307204 java optional libservlet3.0-java_7.0.28-4+deb7u8_all.deb 87b6a5574810289f476c9cb6a0c38b1e 320878 doc optional libservlet3.0-java-doc_7.0.28-4+deb7u8_all.deb 18929f5a72edadffed12a10660c994fc 53872 java optional tomcat7-admin_7.0.28-4+deb7u8_all.deb 32a40a10db2fd9a67cf7aa6d4929fcf7 207408 java optional tomcat7-examples_7.0.28-4+deb7u8_all.deb 40155d08a1793a0ee3ade4d0ddc6bce8 648842 doc optional tomcat7-docs_7.0.28-4+deb7u8_all.deb -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlhW4m5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkamkP/RY3P90R50jaD9CgnwxEWS4tdzNxhoSU+rI9 cEWry77xGvrZW3E+maykvGs2wfgSf7ZOskbHN95RRgB9Upb/JUOS6/pn1eA2ETOv bIJr/HnfJzfiQKixA4EhJpiUBa12/+1KJdHyDaNVQB0UKlWy8W7NCSAZVhqzknLy dv7mg/d5FVcFvcGEojhq3AQlz1RyL9OIQ3yUCN8dn/wWIQUAqGXYcvx6GG05/2nW BsYHYNiBQqYlPHZ9B1CjInUMSCga0RmkdpRYOMM/0ACd6SRdSHSaCZUT0MWiVbhx vTEGCia9iIReJg7EMwSkKZNWtsxNvYPW+WBkKkAdU1jH+BB1trx+eipRsTub2YNH 1/igf19oNW+DsV+FNJfUgLaz+WPYWLIKJjiSOWlVJ4Y1k33zCB5JqGt28yx/L8k1 Nve3qqB4jr58tf+pvbFlN2H4hy/phTJGLS3RdzbqNJcrtQVJaha2bey304G6T8EZ rJkCgSrrbi0RfmZpAX9hxQm7cNecIJhR6Tsu5/l3f07t6deOB8Rq2H4qi1r87RNw yVF1Du+3N2fuD6Um5kteJx65C9oHJ1LD22YOn6QZ6QEf3Ii2PCLBJfrKSU3WVeqn 9+9HoAdyQ5kXUYOp8jD5xOu7JUw4cVO0zwMXFJR2hwyikogo7/mUriTLts+55Yyq Abx9RPRG =Xj6y -----END PGP SIGNATURE-----