-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 30 Apr 2017 21:21:29 +0200
Source: tomcat7
Binary: tomcat7-common tomcat7 tomcat7-user libtomcat7-java libservlet3.0-java libservlet3.0-java-doc tomcat7-admin tomcat7-examples tomcat7-docs
Architecture: source all
Version: 7.0.56-3+deb8u10
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libservlet3.0-java - Servlet 3.0 and JSP 2.2 Java API classes
 libservlet3.0-java-doc - Servlet 3.0 and JSP 2.2 Java API documentation
 libtomcat7-java - Servlet and JSP engine -- core libraries
 tomcat7 - Servlet and JSP engine
 tomcat7-admin - Servlet and JSP engine -- admin web applications
 tomcat7-common - Servlet and JSP engine -- common files
 tomcat7-docs - Servlet and JSP engine -- documentation
 tomcat7-examples - Servlet and JSP engine -- example web applications
 tomcat7-user - Servlet and JSP engine -- tools to create user instances
Changes:
 tomcat7 (7.0.56-3+deb8u10) jessie-security; urgency=high
 .
   * Team upload.
   * Fix the following security vulnerabilities:
     - CVE-2017-5647:
       A bug in the handling of the pipelined requests when send file was used
       resulted in the pipelined request being lost when send file processing
       of the previous request completed. This could result in responses
       appearing to be sent for the wrong request. For example, a user agent
       that sent requests A, B and C could see the correct response for
       request A, the response for request C for request B and no response
       for request C.
     - CVE-2017-5648:
       It was noticed that some calls to application listeners did not use the
       appropriate facade object. When running an untrusted application under
       a SecurityManager, it was therefore possible for that untrusted
       application to retain a reference to the request or response object
       and thereby access and/or modify information associated with another
       web application.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----