-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 28 Apr 2017 22:47:08 +0200
Source: tomcat7
Binary: tomcat7-common tomcat7 tomcat7-user libtomcat7-java libservlet3.0-java libservlet3.0-java-doc tomcat7-admin tomcat7-examples tomcat7-docs
Architecture: source all
Version: 7.0.28-4+deb7u12
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libservlet3.0-java - Servlet 3.0 and JSP 2.2 Java API classes
 libservlet3.0-java-doc - Servlet 3.0 and JSP 2.2 Java API documentation
 libtomcat7-java - Servlet and JSP engine -- core libraries
 tomcat7 - Servlet and JSP engine
 tomcat7-admin - Servlet and JSP engine -- admin web applications
 tomcat7-common - Servlet and JSP engine -- common files
 tomcat7-docs - Servlet and JSP engine -- documentation
 tomcat7-examples - Servlet and JSP engine -- example web applications
 tomcat7-user - Servlet and JSP engine -- tools to create user instances
Changes:
 tomcat7 (7.0.28-4+deb7u12) wheezy-security; urgency=high
 .
   * Team upload.
   * Fix the following security vulnerabilities:
     - CVE-2017-5647:
       A bug in the handling of the pipelined requests when send file was used
       resulted in the pipelined request being lost when send file processing
       of the previous request completed. This could result in responses
       appearing to be sent for the wrong request. For example, a user agent
       that sent requests A, B and C could see the correct response for
       request A, the response for request C for request B and no response
       for request C.
     - CVE-2017-5648:
       It was noticed that some calls to application listeners did not use
       the appropriate facade object. When running an untrusted application
       under a SecurityManager, it was therefore possible for that untrusted
       application to retain a reference to the request or response object
       and thereby access and/or modify information associated with another
       web application.