-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 30 Apr 2017 21:38:43 +0200
Source: tomcat8
Binary: tomcat8-common tomcat8 tomcat8-user libtomcat8-java libservlet3.1-java libservlet3.1-java-doc tomcat8-admin tomcat8-examples tomcat8-docs
Architecture: source all
Version: 8.0.14-1+deb8u9
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libservlet3.1-java - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API classes
 libservlet3.1-java-doc - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API documenta
 libtomcat8-java - Apache Tomcat 8 - Servlet and JSP engine -- core libraries
 tomcat8 - Apache Tomcat 8 - Servlet and JSP engine
 tomcat8-admin - Apache Tomcat 8 - Servlet and JSP engine -- admin web application
 tomcat8-common - Apache Tomcat 8 - Servlet and JSP engine -- common files
 tomcat8-docs - Apache Tomcat 8 - Servlet and JSP engine -- documentation
 tomcat8-examples - Apache Tomcat 8 - Servlet and JSP engine -- example web applicati
 tomcat8-user - Apache Tomcat 8 - Servlet and JSP engine -- tools to create user
Changes:
 tomcat8 (8.0.14-1+deb8u9) jessie-security; urgency=high
 .
   * Team upload.
   * Fix the following security vulnerabilities:
     - CVE-2017-5647: A bug in the handling of the pipelined requests when
       send file was used resulted in the pipelined request being lost when
       send file processing of the previous request completed. This could
       result in responses appearing to be sent for the wrong request. For
       example, a user agent that sent requests A, B and C could see the
       correct response for request A, the response for request C for
       request B and no response for request C.
     - CVE-2017-5648: It was noticed that some calls to application
       listeners did not use the appropriate facade object.
       When running an untrusted application under a SecurityManager, it
       was therefore possible for that untrusted application to retain a
       reference to the request or response object and thereby access
       and/or modify information associated with another web application.