-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 20 Jun 2017 22:23:35 +0200 Source: tomcat7 Binary: tomcat7-common tomcat7 tomcat7-user libtomcat7-java libservlet3.0-java libservlet3.0-java-doc tomcat7-admin tomcat7-examples tomcat7-docs Architecture: source all Version: 7.0.28-4+deb7u14 Distribution: wheezy-security Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Markus Koschany <apo@debian.org> Description: libservlet3.0-java - Servlet 3.0 and JSP 2.2 Java API classes libservlet3.0-java-doc - Servlet 3.0 and JSP 2.2 Java API documentation libtomcat7-java - Servlet and JSP engine -- core libraries tomcat7 - Servlet and JSP engine tomcat7-admin - Servlet and JSP engine -- admin web applications tomcat7-common - Servlet and JSP engine -- common files tomcat7-docs - Servlet and JSP engine -- documentation tomcat7-examples - Servlet and JSP engine -- example web applications tomcat7-user - Servlet and JSP engine -- tools to create user instances Closes: 864447 Changes: tomcat7 (7.0.28-4+deb7u14) wheezy-security; urgency=high . * Team upload. * Fix CVE-2017-5664. The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache Tomcat did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. (Closes: #864447) Checksums-Sha1: 12563d105edc58624a25e8b108c57c3959db0a18 2799 tomcat7_7.0.28-4+deb7u14.dsc a2a1464ff52e25bd39be3850466920c2a63285f6 194404 tomcat7_7.0.28-4+deb7u14.debian.tar.gz 187afb381243dc7299e6112b7c4ba236425f73f8 66952 tomcat7-common_7.0.28-4+deb7u14_all.deb 5ee6675f1064cba72c02b0c301963a4b04ad1811 54034 tomcat7_7.0.28-4+deb7u14_all.deb b87429a36a5ec4ae426de708b3e0ef6b73a1901f 42304 tomcat7-user_7.0.28-4+deb7u14_all.deb a2a8beab108ac8ff66f91a3d3562dd6e11e6e013 3510408 libtomcat7-java_7.0.28-4+deb7u14_all.deb 1a01c818369c174eeccdc422a6abcf2ed8459e30 308402 libservlet3.0-java_7.0.28-4+deb7u14_all.deb db8522a0d1f7f58f072de34ed3e0f23d7f358443 322510 libservlet3.0-java-doc_7.0.28-4+deb7u14_all.deb cc551ddc6deb5506186c3a9f6afc8348157c2acd 54902 tomcat7-admin_7.0.28-4+deb7u14_all.deb 0f654ca86a36a9fa034916475154d0ba106310e2 208622 tomcat7-examples_7.0.28-4+deb7u14_all.deb 86f86eed1d81131742fd2caf8d07c0622fb40a31 649618 tomcat7-docs_7.0.28-4+deb7u14_all.deb Checksums-Sha256: 50596c6adc3fb16f40bc3900fe57b6abf97a61982d738873bc919904c619056d 2799 tomcat7_7.0.28-4+deb7u14.dsc ba88ea4d31a4e8e77801fda3a4f07e890822dee89e78dc78be5fd8e5d3245193 194404 tomcat7_7.0.28-4+deb7u14.debian.tar.gz 557ec7418f375549f6040e0972ebcbd9d417eb85df624efe79ea696ec4f6c64f 66952 tomcat7-common_7.0.28-4+deb7u14_all.deb 4bdd84180e5aa89197759ba44b79f1526a89e43b97c33d3df4b99f6f79c9ed71 54034 tomcat7_7.0.28-4+deb7u14_all.deb eb6bd9dc457c6abd95992335fd97f364f5de76a4b079e4e6728f2547de8e7525 42304 tomcat7-user_7.0.28-4+deb7u14_all.deb 2ae946b97d9407db3bb5bd3df4d7030c409db9b6259b671b4224743b43bfd13d 3510408 libtomcat7-java_7.0.28-4+deb7u14_all.deb 337f69254b844df33687cc48b9207aade790cebe58c588f48effdc3662bcfcac 308402 libservlet3.0-java_7.0.28-4+deb7u14_all.deb 06bf7d66e4bbeaadc660ac87e2b2c320011e820625f9bde3f27e459626868acc 322510 libservlet3.0-java-doc_7.0.28-4+deb7u14_all.deb e0ce0bc257284932f824ef2934ed96274870b5ca87b724b9084cbada6d8fff40 54902 tomcat7-admin_7.0.28-4+deb7u14_all.deb e84fd8069f4f5225dae6af31fa04abf7b58654fc8f8c6c304d893698e79cd31d 208622 tomcat7-examples_7.0.28-4+deb7u14_all.deb 567a48627aac057730021927c196991bae9a53c0281ce03d3a11b3933e7d86c7 649618 tomcat7-docs_7.0.28-4+deb7u14_all.deb Files: 98f664be99b5d08f733ef6efebe3f65e 2799 java optional tomcat7_7.0.28-4+deb7u14.dsc 94c7854b12724a6b21c28f824c24c4c8 194404 java optional tomcat7_7.0.28-4+deb7u14.debian.tar.gz 7e502833cef1653cf59994fbdca958d0 66952 java optional tomcat7-common_7.0.28-4+deb7u14_all.deb c0c1281730f706d9d0e4d65137005416 54034 java optional tomcat7_7.0.28-4+deb7u14_all.deb 8b94dab70c0af3b52a013a71b80975ca 42304 java optional tomcat7-user_7.0.28-4+deb7u14_all.deb 01b0ed8582a930c0727400c886a3929e 3510408 java optional libtomcat7-java_7.0.28-4+deb7u14_all.deb 41239f3552dd617d91930501d87f9efe 308402 java optional libservlet3.0-java_7.0.28-4+deb7u14_all.deb b74753d08db5289d61a5d07cf9de570a 322510 doc optional libservlet3.0-java-doc_7.0.28-4+deb7u14_all.deb 88e1bba2822971aa5d24705bce08ff45 54902 java optional tomcat7-admin_7.0.28-4+deb7u14_all.deb 8108b15b8b0e8eb3c98f24e37d501dc0 208622 java optional tomcat7-examples_7.0.28-4+deb7u14_all.deb b2047cdddb13c35c511e566acbb5ae40 649618 doc optional tomcat7-docs_7.0.28-4+deb7u14_all.deb -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAllJi8JfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hkq14QAJ3zKTNbKYla07PVG44TT13PNpR3/LqPQenT qCe3j85CafVN2GUej2+c1o48M1rW31eyrTC9SaDpL1f0jmcFtHWudBk+mrIVJcsG td9phtdxlo9y3NHXolVwkm+5Or5j9d6wTjytudK5VRKTWyWPwik6LB7Wip03jCDe hE5EuUR3cRLlJGI9XbLSqdMQdjWJofnN0yco7zH1fu6gjRoA5F+AFp+fGbH8zdfs 1oRfgfO2Zsfc/8VsfBGtVJEsyGizElVx/sHubLFWgoabKW+IV9G7Qbso4y/YVi8U bOdKHTUOgP5b8lLqwpst8hMJNB/wqks8366+100a7LnT2SCs1mQsNA2VAJP0snAN 4gZsAYZ6NrVB0Ro3maNORFPbwJpDG08gUZOZ7H41dYdFFyTMX5tu/UiArjh9oZ9E 1Gb6OVYx5gtIzVakBh8fwIa2B5zBSjp0ES/04FngPx7STB27rSoBXR5rBvDwDKjB zlu1tgKMD7vx2ShJEJrHx/Qg1/GG3mgtOImozj7MrUKMiP6pmDuq8F4eXMgc2O0i DQRqeDtABcigxcjht5efWMHi0XZjEkHo1eIXt/kq0N1io34Srz5zVlIL80vta3Qe zQClHNPwapB+bcjIEFbQM23dWpgvuj44DIXzopSL4VO8qENumxMnDt0+qkN/G2yQ fVzNiC1N =HVqe -----END PGP SIGNATURE-----