Format: 1.8
Date: Tue, 10 Jan 2017 22:09:47 +0100
Source: tomcat7
Binary: tomcat7-common tomcat7 tomcat7-user libtomcat7-java libservlet3.0-java libservlet3.0-java-doc tomcat7-admin tomcat7-examples tomcat7-docs
Architecture: source all
Version: 7.0.28-4+deb7u9
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libservlet3.0-java - Servlet 3.0 and JSP 2.2 Java API classes
 libservlet3.0-java-doc - Servlet 3.0 and JSP 2.2 Java API documentation
 libtomcat7-java - Servlet and JSP engine -- core libraries
 tomcat7 - Servlet and JSP engine
 tomcat7-admin - Servlet and JSP engine -- admin web applications
 tomcat7-common - Servlet and JSP engine -- common files
 tomcat7-docs - Servlet and JSP engine -- documentation
 tomcat7-examples - Servlet and JSP engine -- example web applications
 tomcat7-user - Servlet and JSP engine -- tools to create user instances
Closes: 849949
Changes:
 tomcat7 (7.0.28-4+deb7u9) wheezy-security; urgency=high
 .
   * Fix CVE-2016-8745: A bug in the error handling of the send file code for
     the NIO HTTP connector resulted in the current Processor object being
     added to the Processor cache multiple times. This in turn meant that the
     same Processor could be used for concurrent requests. Sharing a Processor
     can result in information leakage between requests including, but not
     limited to, session ID and the response body.
   * Update CVE-2016-6816.patch and backport changes to SecurityClassLoad.java
     as well. This fixes ClassNotFoundException when running with
     SecurityManager enabled. (Closes: #849949)