-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Thu, 05 Jan 2017 17:10:29 +0100 Source: tomcat8 Binary: tomcat8-common tomcat8 tomcat8-user libtomcat8-java libservlet3.1-java libservlet3.1-java-doc tomcat8-admin tomcat8-examples tomcat8-docs Architecture: source all Version: 8.0.14-1+deb8u6 Distribution: jessie-security Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Emmanuel Bourg <ebourg@apache.org> Description: libservlet3.1-java - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API classes libservlet3.1-java-doc - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API documenta libtomcat8-java - Apache Tomcat 8 - Servlet and JSP engine -- core libraries tomcat8 - Apache Tomcat 8 - Servlet and JSP engine tomcat8-admin - Apache Tomcat 8 - Servlet and JSP engine -- admin web application tomcat8-common - Apache Tomcat 8 - Servlet and JSP engine -- common files tomcat8-docs - Apache Tomcat 8 - Servlet and JSP engine -- documentation tomcat8-examples - Apache Tomcat 8 - Servlet and JSP engine -- example web applicati tomcat8-user - Apache Tomcat 8 - Servlet and JSP engine -- tools to create user Changes: tomcat8 (8.0.14-1+deb8u6) jessie-security; urgency=high . * Fixed CVE-2016-8745: A bug in the error handling of the send file code for the NIO HTTP connector resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information leakage between requests including, not not limited to, session ID and the response body. Checksums-Sha1: 7a52daeb8707fdbfa3776abbbd7d704b01214709 2842 tomcat8_8.0.14-1+deb8u6.dsc 2d04bd58b7b775e374d25c4514ed0204669d7349 71316 tomcat8_8.0.14-1+deb8u6.debian.tar.xz a4702329a8cbe2843aad174fd2e76d4eff9e2b42 57690 tomcat8-common_8.0.14-1+deb8u6_all.deb dc7195572424a0096e43c9c04c85a84f8153a434 47206 tomcat8_8.0.14-1+deb8u6_all.deb 05a99ff39caaf12f8527c0fadbb4798df161f310 34706 tomcat8-user_8.0.14-1+deb8u6_all.deb a55490d1efbce2c21009e1bb4e845864e0747dff 4587388 libtomcat8-java_8.0.14-1+deb8u6_all.deb ab2462ed91606f7a4e2425c3cfeb55fe2f22b590 392098 libservlet3.1-java_8.0.14-1+deb8u6_all.deb 07648de53f4dda2cb5ba2ee4a1f44bb8192d8b2e 247476 libservlet3.1-java-doc_8.0.14-1+deb8u6_all.deb ffd3b7d7c1bcc603fb73685cbc22b47adc3353e0 36112 tomcat8-admin_8.0.14-1+deb8u6_all.deb d9e1d5ffad054a097474ff0e06ca865e2d5e0977 194284 tomcat8-examples_8.0.14-1+deb8u6_all.deb 72db24b72efbc0cbf8ade8a76b4373ab46ebc304 689216 tomcat8-docs_8.0.14-1+deb8u6_all.deb Checksums-Sha256: 112f445527c9097a3acc95556b471b6697e66343d0db60c7e95c90767a59bfea 2842 tomcat8_8.0.14-1+deb8u6.dsc 7ca3c27431bc8a55b020f1db70193a7429a2366dafbb737115967a9e197d06c5 71316 tomcat8_8.0.14-1+deb8u6.debian.tar.xz 61ffbcc499c494a608e2db1b86edb8daa9b5933a5eff81510d6a6b1da804b2c6 57690 tomcat8-common_8.0.14-1+deb8u6_all.deb baca79ad6b8b1e0b938b9e9550dc5c9a152c2f7deeaef87c776d2f40f59e089e 47206 tomcat8_8.0.14-1+deb8u6_all.deb d1cbf959581141b8e26eb748f682cad768da31de4b29849a7f760fdcf61a46fc 34706 tomcat8-user_8.0.14-1+deb8u6_all.deb ac15dfa0a2a952cf734bfb68e7e989f96a728771b1e32b708ed72cbaf75aea97 4587388 libtomcat8-java_8.0.14-1+deb8u6_all.deb af48fa33307281fab7d045c92d882e6ee10737acf3fb6e52563eeb12d060fb43 392098 libservlet3.1-java_8.0.14-1+deb8u6_all.deb f81b43b177f8e95417928ed1f955be64d311174a92558a3a6faaa0a2bffabfbd 247476 libservlet3.1-java-doc_8.0.14-1+deb8u6_all.deb d939b4a02efc4e2c0d29469fe168f720478526b02f79f09bc847d57a2cf59396 36112 tomcat8-admin_8.0.14-1+deb8u6_all.deb c5d07280edcbd24d437df87861f14580b48285c5bda935c4b51120199b24a8aa 194284 tomcat8-examples_8.0.14-1+deb8u6_all.deb c64e1e572e77807d1917366c2cc03387333c15d7fb4ff4d69cece27dae9e96e1 689216 tomcat8-docs_8.0.14-1+deb8u6_all.deb Files: 87c3815db8ceca31cf29f840f5b61965 2842 java optional tomcat8_8.0.14-1+deb8u6.dsc c16bb22de08403c9a79f4fcd3cb6c133 71316 java optional tomcat8_8.0.14-1+deb8u6.debian.tar.xz 369c9a75b42cce99208920df2cdd08fb 57690 java optional tomcat8-common_8.0.14-1+deb8u6_all.deb 34b9efb4a4885de5ffb590e211679e4a 47206 java optional tomcat8_8.0.14-1+deb8u6_all.deb a9357d78134968c6f037bc3a4b26392c 34706 java optional tomcat8-user_8.0.14-1+deb8u6_all.deb 1aa0da1c224ac5ec793f7c9be3daafb0 4587388 java optional libtomcat8-java_8.0.14-1+deb8u6_all.deb 7b48395a23ac9528915afe29734acb90 392098 java optional libservlet3.1-java_8.0.14-1+deb8u6_all.deb 85a6d3c2ce368001b1cea20f6647c389 247476 doc optional libservlet3.1-java-doc_8.0.14-1+deb8u6_all.deb 5cc43ade16f093b10ea94b85daea683b 36112 java optional tomcat8-admin_8.0.14-1+deb8u6_all.deb 1c7ab6a1a5a581ddbca0224e49969e9f 194284 java optional tomcat8-examples_8.0.14-1+deb8u6_all.deb 6eed962d5a49bb23abefea83240a88da 689216 doc optional tomcat8-docs_8.0.14-1+deb8u6_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJYb2HTAAoJEPUTxBnkudCs53gP/2mq0ZZA2S5yUfW/RJH4xgaz mazcegTmxeEGWDO3bFbgYW3hEilzgW0QHaHyGCcTWSI/5qTmGzTF2Ix0wNQMvRzR mntsyzy09flepgkE5JsZhDD+T05iuWtWfDteutxzZEykFnkc1vhDt2CPEJFNx9j/ zq/AdCGrrrPME5pm7bTDltRMgVVDQfV/gqvQEh9X1aWuhOVXW2If303sxH5GFNWm Xlb+NZTMLsdDVPqmb4NWBcHROOhnCVPGzKBDxMseM+75WcN0LenSKffa4vZbEvx2 kYpqhTK/SDIBcekfhDcxyKQPGw2IpmX6TDxrKCrc1PX38itiltzSeo1KnFxdyt0Z /C+MwcSMG+MnO5ctZYxEbe8j9uLKPsU9M7LNkP23hQtXU93vA9+gqxfZDEcf296I boAdjhCSejE+A6Ie13av4OcvCMq/UON57Z4hYoiCmhfD25CV1Sv2a3+yh3ulNBnV xjID+4leyIuLmc0R+avtWYjRctUS+C2KiDya9NWIqT0PRm5jhb96zy7MH84lcpYy w1XENey2S7hWpQO02Rnrae81iTMbd0fDW5scdPfnPVZcY/qbICTtf9B2PvP+nRyn 2gno95NWmY9aJ9LpgnGrDkZlNfYc6757L1kkOrWIh5tSlt3xZrTg/CSegvYMYj5j Rvghxds6BxB8Yz71VfsC =Utjw -----END PGP SIGNATURE-----