Debian Package Tracker

From: Markus Koschany <apo@debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted tomcat-native 1.1.32~repack-2+deb8u2 (source amd64) into oldstable
Date: Wed, 22 Aug 2018 16:10:29 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 22 Aug 2018 17:48:50 +0200
Source: tomcat-native
Binary: libtcnative-1
Architecture: source amd64
Version: 1.1.32~repack-2+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libtcnative-1 - Tomcat native library using the Apache Portable Runtime
Changes:
 tomcat-native (1.1.32~repack-2+deb8u2) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2018-8019 and CVE-2018-8020:
     When using an OCSP responder Tomcat Native did not correctly handle invalid
     responses. This allowed for revoked client certificates to be incorrectly
     identified. It was therefore possible for users to authenticate with
     revoked certificates when using mutual TLS. Users not using OCSP checks
     are not affected by this vulnerability.
Checksums-Sha1:
 86ea32a42eb0ab6d8ee9065ab9f684cbd22be663 2267 tomcat-native_1.1.32~repack-2+deb8u2.dsc
 07b2309ed1fb241f3bb16107f182ed565fd3e29e 7556 tomcat-native_1.1.32~repack-2+deb8u2.debian.tar.xz
 8dac89241565267035abb04fbac15bbb5a81ce82 84934 libtcnative-1_1.1.32~repack-2+deb8u2_amd64.deb
Checksums-Sha256:
 ee54bb984cf05dc90922ed4adfdfcdc3434593fb873ad3bcd2fe537a6b02ea36 2267 tomcat-native_1.1.32~repack-2+deb8u2.dsc
 bd72623cda9c0799aa09e158a6f906ab8f8e95e3f5b763dccbb6351cba5d71a7 7556 tomcat-native_1.1.32~repack-2+deb8u2.debian.tar.xz
 7ad0b2a8530aab33e6063de1ef5965d99b5cdb3fbddee8c541e514821b87e86c 84934 libtcnative-1_1.1.32~repack-2+deb8u2_amd64.deb
Files:
 75e8a18b08ff64ae647ba5b4ca0ea4a6 2267 java extra tomcat-native_1.1.32~repack-2+deb8u2.dsc
 9986271d6a51fbaec3deb6556350ca66 7556 java extra tomcat-native_1.1.32~repack-2+deb8u2.debian.tar.xz
 002ee0529d50c6ec0a86b22ed3bb2182 84934 java extra libtcnative-1_1.1.32~repack-2+deb8u2_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlt9h9xfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkgKkQAKLo2QIFiOOKyxDVWhD2H0d2p3zypXAe33gw
60XLBYMA2zPk3SNiFBHuse3Lhcn9IrEoAc2laoT4kUoDofFWMeMW2K8LJLQA6QNI
IeESX8F8XKtLsdB2UChPnRSeatJfC0dNQLEb34fgheNwNARegtY9mScp01eVCpEG
ALjxZvecsZhHvt63FUm8TphV0JeotO+bLYov4KRXrCHvDQITUCy5XqhmsCOr54L3
ilJCBS8s1HeH5k09NYXPyvsvRoCmQnf8QJXqVqqXXwMFgLL1pMMMceXhOII4selW
OoU/xnCNMakPV2zo9zIwFkyNh8/LQ7IgoDmkr+Q4tTd5z2ReTMu+W/ANYVT7Dibn
DY6C4I27vXUhnteFuPz1SrDP+/Wualog3+ncREeHJgQaN3Uiugd/RCVkWXwNVndG
V6AnQrXe4wy2hc2+0tXg3qG/HKWGd2nXD0Y7SoIAirUKAt19p3rcxjSo+cOk8FgZ
8RaxAQYOBm8Ff6ByX1GCU+4+/DZJZ5TB5/KAgr7hk6pyT92Jt53piAEvakoCH9Ri
owRyi4n8q/IwBquuundGCdge/qZ44A97p/BzCqznOZ3oRXQZFAZkVMniAu7t24UC
ylt3MKXGjfCD/9EtrOzqAKK+Tu3TFM8vTMwZios7n3uutvR6T9uRCceHXcrDqwIz
56bUTp5N
=j2Zd
-----END PGP SIGNATURE-----
News for package tomcat-native
