-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 01 Sep 2018 11:13:51 -0400 Source: tomcat8 Binary: tomcat8-common tomcat8 tomcat8-user libtomcat8-java libservlet3.1-java libservlet3.1-java-doc tomcat8-admin tomcat8-examples tomcat8-docs Architecture: source all Version: 8.0.14-1+deb8u13 Distribution: jessie-security Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Roberto C. Sanchez <roberto@debian.org> Description: libservlet3.1-java - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API classes libservlet3.1-java-doc - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API documenta libtomcat8-java - Apache Tomcat 8 - Servlet and JSP engine -- core libraries tomcat8 - Apache Tomcat 8 - Servlet and JSP engine tomcat8-admin - Apache Tomcat 8 - Servlet and JSP engine -- admin web application tomcat8-common - Apache Tomcat 8 - Servlet and JSP engine -- common files tomcat8-docs - Apache Tomcat 8 - Servlet and JSP engine -- documentation tomcat8-examples - Apache Tomcat 8 - Servlet and JSP engine -- example web applicati tomcat8-user - Apache Tomcat 8 - Servlet and JSP engine -- tools to create user Changes: tomcat8 (8.0.14-1+deb8u13) jessie-security; urgency=high . * Non-maintainer upload by the LTS Team. * Fix CVE-2018-1336: An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. * Fix CVE-2018-8034: The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Checksums-Sha1: b163f2eaaa6333848469de7fd157d4baa7736ef7 2891 tomcat8_8.0.14-1+deb8u13.dsc 9a88c213747a5c7d80e2af78cbff561b7dd419e3 82740 tomcat8_8.0.14-1+deb8u13.debian.tar.xz b3559baf6ce0776044cfb2bc17f61a42802b4856 59230 tomcat8-common_8.0.14-1+deb8u13_all.deb 3b908a20ea61abb648d0cb5e179891ee12ee300d 48692 tomcat8_8.0.14-1+deb8u13_all.deb 36c66af7dbbb14447ac930092be86136e26804f0 36272 tomcat8-user_8.0.14-1+deb8u13_all.deb e0ab21c2792412cdcc88fd1582b5fcace1bedd4b 4593212 libtomcat8-java_8.0.14-1+deb8u13_all.deb ac0c8915e0609428901276a14173b4adb3408faf 393728 libservlet3.1-java_8.0.14-1+deb8u13_all.deb d05f3450e1fa27c7fabce8ca28488546f295ba53 249418 libservlet3.1-java-doc_8.0.14-1+deb8u13_all.deb 2b9b2e7f962a19f2e1f19a9b47101ae3563e6f53 37716 tomcat8-admin_8.0.14-1+deb8u13_all.deb c375b7e082c189a5f550147762170036b746f238 195938 tomcat8-examples_8.0.14-1+deb8u13_all.deb be871a7541d4c1a3c81f8c06e4cb8146d5af8cc0 690102 tomcat8-docs_8.0.14-1+deb8u13_all.deb Checksums-Sha256: c6e35ddb441d17934399e756a01ebad4f39ae0169f045d6bfec2a7b59fa4faf1 2891 tomcat8_8.0.14-1+deb8u13.dsc 2a1ace13c29952adbd8907bd8a8dc61e3a9b63a6f530cc717feee387aa508231 82740 tomcat8_8.0.14-1+deb8u13.debian.tar.xz 4e627ef5882a1058eed05754950e0f28c450fceb54c5676740998c11ecc5354a 59230 tomcat8-common_8.0.14-1+deb8u13_all.deb 896de6184cc187279ebb2ea6597f1c1980fcf1650f62ea162754497aa5abcb5d 48692 tomcat8_8.0.14-1+deb8u13_all.deb 56066128b0e6247692477af84020c2772ed4067e1d32db60d91cc20b80aff9ef 36272 tomcat8-user_8.0.14-1+deb8u13_all.deb 4a737a88744294215f331e35f99698294cccb0d31c3e26eb9a14b7dad4d2b5f3 4593212 libtomcat8-java_8.0.14-1+deb8u13_all.deb 55310b5383c85033c7f2b55159b293d5b69707f6f3dad28ef42504868771c286 393728 libservlet3.1-java_8.0.14-1+deb8u13_all.deb 9621ebd1f40f3c4bf321144af04706c422feeb189833376c7941b59f147eb63e 249418 libservlet3.1-java-doc_8.0.14-1+deb8u13_all.deb 65672ca8666308b8859897c568e8b8113ea0ae1379e0cfdf2ea1b3d020660c9a 37716 tomcat8-admin_8.0.14-1+deb8u13_all.deb 1db738fea61ceb0cec61954b85f579d7f6037dc9f7c7331d8e420a6457f79115 195938 tomcat8-examples_8.0.14-1+deb8u13_all.deb 415b80f5e1797019ee681a2c25a521589282b2d0214f271e7be1d68a8e2dd210 690102 tomcat8-docs_8.0.14-1+deb8u13_all.deb Files: 18f897461dff25ca3f8fe11fcedae1b7 2891 java optional tomcat8_8.0.14-1+deb8u13.dsc 4d5ed85f2496856497c2f41a6851105a 82740 java optional tomcat8_8.0.14-1+deb8u13.debian.tar.xz 67375b42aeeed52c7d9b5620faef511d 59230 java optional tomcat8-common_8.0.14-1+deb8u13_all.deb 4242f883ab7d533c9ef697fe71b80aea 48692 java optional tomcat8_8.0.14-1+deb8u13_all.deb 5e0162931eeafe4fff3597188a6bc28a 36272 java optional tomcat8-user_8.0.14-1+deb8u13_all.deb 96795bb49563df5259f042c3a52f3bb1 4593212 java optional libtomcat8-java_8.0.14-1+deb8u13_all.deb 72f7ac88614f8a8187c772934015df2e 393728 java optional libservlet3.1-java_8.0.14-1+deb8u13_all.deb 466a34126bf8158dc5947a8ad3d1a1a3 249418 doc optional libservlet3.1-java-doc_8.0.14-1+deb8u13_all.deb 44d80e59ad1e5720b1123eaaeaa7006c 37716 java optional tomcat8-admin_8.0.14-1+deb8u13_all.deb 76279e92daed3d692fc3165c7dc28248 195938 java optional tomcat8-examples_8.0.14-1+deb8u13_all.deb c8e0fa1c503fb84f934fdee136462f7e 690102 doc optional tomcat8-docs_8.0.14-1+deb8u13_all.deb -----BEGIN PGP SIGNATURE----- iQJIBAEBCgAyFiEE5Qr9Va3SequXFjqLIdIFiZdLPpYFAluMIrkUHHRtYW5jaWxs QGRlYmlhbi5vcmcACgkQIdIFiZdLPpYAyg/+OHT6eG8F3tyzisSgAOfr4zz0G0QN Gms54/8adPlbQKISaXtkcUUznbzOjg+XBszonYxIGlxeDG+223gxhDgwQT84Hti+ qOwnSHFwMDQg+eBQe2Coii+4a3HrJr4+JmmHI0hDrApMHe7we0vta0RGunNMzPOf INinfjzRfGxM3MlKtfpyNhPLqKjBVTbzjCNy1fkOF9HpGzylxPz3OIPyEyhuxJb4 TX+06OeJ5E1fYclwotDB5m8Rv9aK2nFPvga1pNovgQQ6bqk27jtA4Hxft2XEP4Aw GYggGQG819O8080Ou8GZWmq3I+/uSUU4jLpDw459L60hy5zu7sackH2VLE4V6OeW Z7UVbel81ZPzmdA4n22qlrciZ8A8XTR9HePoFgLY0OBfeJXShDv4BdH0cPj2Sigq sFpxGIuH3ZwJE//KHFpVfJKAQ1y5ypWhtFDzGOfyKVpFeLzer2z+wYWuU7OZut2A lvAghe8690FZd3XvOMFx+z01/yAl7EbVqSUBo+S51usSYgqf8ilFoOnH+V1Iq2QK aPDzYC4mYQqt7nIgG9N68tcdINNae4eHwa7i6dBl7iA/nvvTYT8GvngxNyFu+z5G Q4QR5aGFiNLaATesapwZ2/NKOEJC0sbYdCeI44W1bNeNLXHAN1TKuCcF2TFp3eK/ GZUAUTnEsxcUMQM= =FPS9 -----END PGP SIGNATURE-----