Debian Package Tracker

From: Markus Koschany <apo@debian.org>
To: <debian-changes@lists.debian.org>
Subject: Accepted tomcat8 8.0.14-1+deb8u10 (source all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
Date: Sat, 24 Jun 2017 21:19:18 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 20 Jun 2017 20:26:44 +0200
Source: tomcat8
Binary: tomcat8-common tomcat8 tomcat8-user libtomcat8-java libservlet3.1-java libservlet3.1-java-doc tomcat8-admin tomcat8-examples tomcat8-docs
Architecture: source all
Version: 8.0.14-1+deb8u10
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libservlet3.1-java - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API classes
 libservlet3.1-java-doc - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API documenta
 libtomcat8-java - Apache Tomcat 8 - Servlet and JSP engine -- core libraries
 tomcat8    - Apache Tomcat 8 - Servlet and JSP engine
 tomcat8-admin - Apache Tomcat 8 - Servlet and JSP engine -- admin web application
 tomcat8-common - Apache Tomcat 8 - Servlet and JSP engine -- common files
 tomcat8-docs - Apache Tomcat 8 - Servlet and JSP engine -- documentation
 tomcat8-examples - Apache Tomcat 8 - Servlet and JSP engine -- example web applicati
 tomcat8-user - Apache Tomcat 8 - Servlet and JSP engine -- tools to create user
Closes: 864447
Changes:
 tomcat8 (8.0.14-1+deb8u10) jessie-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2017-5664.
     The error page mechanism of the Java Servlet Specification requires that,
     when an error occurs and an error page is configured for the error that
     occurred, the original request and response are forwarded to the error
     page. This means that the request is presented to the error page with the
     original HTTP method. If the error page is a static file, expected
     behaviour is to serve content of the file as if processing a GET request,
     regardless of the actual HTTP method. The Default Servlet in Apache Tomcat
     did not do this. Depending on the original request this could lead to
     unexpected and undesirable results for static error pages including, if the
     DefaultServlet is configured to permit writes, the replacement or removal
     of the custom error page. (Closes: #864447)
Checksums-Sha1:
 6f99e5326b8cafe987e4cbee2341809e5052b2f6 3013 tomcat8_8.0.14-1+deb8u10.dsc
 e5b7ab130945d00d0bd92739e92dc3f036f145c4 77852 tomcat8_8.0.14-1+deb8u10.debian.tar.xz
 c46e4265dab09229ca4df9422c25c6e0a34fb4c8 58388 tomcat8-common_8.0.14-1+deb8u10_all.deb
 a83c5f514408b0ab1745d48f673179f0d96b51c2 48120 tomcat8_8.0.14-1+deb8u10_all.deb
 bb7d6eb8251b17024dcedd08b49ec92f058c0c71 35558 tomcat8-user_8.0.14-1+deb8u10_all.deb
 44e8be7ae7b2c173c5f2722452e05f3a5f6627d2 4592508 libtomcat8-java_8.0.14-1+deb8u10_all.deb
 53c333eb3282fed4a42f73663ff82f78cef46d81 392968 libservlet3.1-java_8.0.14-1+deb8u10_all.deb
 68017d2f8ce71ab61523e21a7ed4eb9767faa7f7 247930 libservlet3.1-java-doc_8.0.14-1+deb8u10_all.deb
 399dcc94d86245c15dc836161ff2b6215ef34933 36988 tomcat8-admin_8.0.14-1+deb8u10_all.deb
 486e5fdab33499b6a5b1085b38ee7bd2e4eba907 194830 tomcat8-examples_8.0.14-1+deb8u10_all.deb
 2fd45827426af6ce16671bcd569004f0334c5d5e 690056 tomcat8-docs_8.0.14-1+deb8u10_all.deb
Checksums-Sha256:
 a9b7bceacff85893701c290ff24dbca64c98bee34d4b0da3459194029d0a5d56 3013 tomcat8_8.0.14-1+deb8u10.dsc
 e43fc24db9446eba1bf8b68e8c031b71ccef26b0695188fb05c1ccaa3d516042 77852 tomcat8_8.0.14-1+deb8u10.debian.tar.xz
 a1fef9265283f21f99f641fb9890ec3337f5ea1fd59795551164a1396ecb025a 58388 tomcat8-common_8.0.14-1+deb8u10_all.deb
 c6cacc3a0c400da43c76e3067f5ffff9c0e070b2d1d66ee178f855a11cd9b2f4 48120 tomcat8_8.0.14-1+deb8u10_all.deb
 17728d81b3393c98013aa879d9bd1811bdea766a859b5269ac975fe2c30f9d41 35558 tomcat8-user_8.0.14-1+deb8u10_all.deb
 e0d19dc72d527bc2c8df6877d56255fd132812ee57261072848c165e807abc40 4592508 libtomcat8-java_8.0.14-1+deb8u10_all.deb
 58e2041b84de498ac6971cbd44aa96d3e706e7a32d260bedee7fccf896f994e6 392968 libservlet3.1-java_8.0.14-1+deb8u10_all.deb
 fc1cf9b33d5832978f75876e3fe642566115802a6e07106d4315aed982c1c5f9 247930 libservlet3.1-java-doc_8.0.14-1+deb8u10_all.deb
 869d729b1d52be7a13bfd57b94f9d5a13527233ec0358674157faa3a48de13c9 36988 tomcat8-admin_8.0.14-1+deb8u10_all.deb
 67362674e90e9e07aab912a26737c1290114af069aa1c3ed30868c31e545f278 194830 tomcat8-examples_8.0.14-1+deb8u10_all.deb
 d6a1e5a113c5396d68b801d25422b364463bdcdfc7e74ad46be8e7b490eed500 690056 tomcat8-docs_8.0.14-1+deb8u10_all.deb
Files:
 fef02d27967ab21df4c12e6dc2f49c15 3013 java optional tomcat8_8.0.14-1+deb8u10.dsc
 ec911468b97612986c65c4a04fcd9d46 77852 java optional tomcat8_8.0.14-1+deb8u10.debian.tar.xz
 a7fefff5e159e54ce79d0d2e54ccc1b4 58388 java optional tomcat8-common_8.0.14-1+deb8u10_all.deb
 e02d0608b563245910b34f32995a6ed4 48120 java optional tomcat8_8.0.14-1+deb8u10_all.deb
 e7e27e763866442697073b90b2de9f91 35558 java optional tomcat8-user_8.0.14-1+deb8u10_all.deb
 fb62929705dbe47cf4972b525e890ea1 4592508 java optional libtomcat8-java_8.0.14-1+deb8u10_all.deb
 cb959fb2271ff903e6d5c79cfcc94c56 392968 java optional libservlet3.1-java_8.0.14-1+deb8u10_all.deb
 c9e8a2ca571525f9956609f91ea2ce66 247930 doc optional libservlet3.1-java-doc_8.0.14-1+deb8u10_all.deb
 529f3b30dd29da0b4d0bf3d8dec83218 36988 java optional tomcat8-admin_8.0.14-1+deb8u10_all.deb
 a03a32e2e8b4636f480a0dd5a9f421aa 194830 java optional tomcat8-examples_8.0.14-1+deb8u10_all.deb
 5e8dccb7e192ceff4c28cd1ea0a5b2f9 690056 doc optional tomcat8-docs_8.0.14-1+deb8u10_all.deb

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAllJapFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkAqcP+wTqJLJFzjIUVGcnTk7JecTv7/aHbqbompXN
kbhRBMzwHEPvRcTM+c0q3cnmi/h1RracpD1LCm3N6gjgGo3mWm/qqHSf2zJxEwNy
qDdsqAJxRYi39t0Cqnre2Z5Q5OBrhcIrb3TXGd7CES9XTVreq1QO8hTTBOmQY6JS
SjqYef2yJQFv3RKC1/vKqt/Sd+cpshfGTinz74d8mw2rOz0P2wd0K/hkPahbJM1r
30XWZX+A05Wq/YvXK5aq2aVKn1A8UHhnnK3q555OaS1Khg/KqqXRzSeDum2U65IU
PtkvQ9aRs8XfvqpHnJlpzlOi0zLT5tWcFk0VIMmjkAI2HUb9J2KDuMHID6iw5pj6
27ZaDMrHrykNIXEUFF9flFXt1nVZm4C6oKeYzPfEW1z6sS0as/QHdE/FAnXAzJgH
iq7syumJmf0ZEt80uR4ylRkWnKpM+GCp0TM/Pjki/IZ/QP4mOXnow4kg4+D5K4KT
CDKycRD77VRluJ3Ncpd+7wmPaGQ6LRQDUhFGLy2CsihnGfL1lRH615fpoagayI+S
v0xLQfGr5aJeikdPq1Ska5xs0Rt5C/lnvKc+jjizx7q3Waqmzp0Hls3n0gK//W2x
CmWxa2f71NcQrnrKkJjw7ENhm6oENBgasdZfZIDgQ7EHIcII8ESA67SxvuY7o9TE
jnq75SKG
=QZaQ
-----END PGP SIGNATURE-----
News for package tomcat8
