Debian Package Tracker

From: Markus Koschany <apo@debian.org>
To: <debian-changes@lists.debian.org>
Subject: Accepted tomcat-native 1.2.12-2+deb9u2 (source amd64) into proposed-updates->stable-new, proposed-updates
Date: Thu, 04 Oct 2018 19:17:35 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 28 Sep 2018 23:51:20 +0200
Source: tomcat-native
Binary: libtcnative-1
Architecture: source amd64
Version: 1.2.12-2+deb9u2
Distribution: stretch
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libtcnative-1 - Tomcat native library using the Apache Portable Runtime
Changes:
 tomcat-native (1.2.12-2+deb9u2) stretch; urgency=high
 .
   * Team upload.
   * Fix CVE-2018-8019 and CVE-2018-8020.
     When using an OCSP responder Tomcat Native did not correctly handle invalid
     responses. This allowed for revoked client certificates to be incorrectly
     identified. It was therefore possible for users to authenticate with
     revoked certificates when using mutual TLS. Users not using OCSP checks are
     not affected by this vulnerability.
Checksums-Sha1:
 ebe61914d9ea22ee649febf941f5e0a8dd63dc03 2229 tomcat-native_1.2.12-2+deb9u2.dsc
 62f457aa9af54825f2ca6e9791f06e1b012c2a2f 243776 tomcat-native_1.2.12.orig.tar.xz
 2cf315ded40e47cd8c19dbc801e2992241f747bd 7060 tomcat-native_1.2.12-2+deb9u2.debian.tar.xz
 ca220a08642cdca4efad2f715d5e354545549be1 355604 libtcnative-1-dbgsym_1.2.12-2+deb9u2_amd64.deb
 b8471930f7feab487f0dc2aed9e9dad5174985d6 84324 libtcnative-1_1.2.12-2+deb9u2_amd64.deb
 0c369963e7285fb12ed129b2ec024bc4799beddf 11178 tomcat-native_1.2.12-2+deb9u2_amd64.buildinfo
Checksums-Sha256:
 32e97c0dd61052bdf7fc3a1341ee345fa82b0dae9cd4f822cb7bc6e70a2fc580 2229 tomcat-native_1.2.12-2+deb9u2.dsc
 ddd59cdfa34331524c6a95605fa7f5077887d6cb14f4c663eec69102ec48b73a 243776 tomcat-native_1.2.12.orig.tar.xz
 890d3a6c3fb5e413a67717da8999e5fc0a71b520c12fdf6b0dea498b57ae9cd4 7060 tomcat-native_1.2.12-2+deb9u2.debian.tar.xz
 adddc55f6afa8555822b086db6cc3f04c1da597622fd11430377e903c77a0371 355604 libtcnative-1-dbgsym_1.2.12-2+deb9u2_amd64.deb
 7989cc6b626340fffa800f1d4bc5db4215aafaafb23f4f5644710ec97604d72c 84324 libtcnative-1_1.2.12-2+deb9u2_amd64.deb
 71ccd7fec2fc1717b28a19fcb259dd1ae177c8d153c75bd297e6c749d38f0261 11178 tomcat-native_1.2.12-2+deb9u2_amd64.buildinfo
Files:
 b30c854d176a7103bbd13a43f54f953e 2229 java extra tomcat-native_1.2.12-2+deb9u2.dsc
 5b7c3866cbc0a037f727a1a698522e59 243776 java extra tomcat-native_1.2.12.orig.tar.xz
 395e45b446a28a59064c381533f8635c 7060 java extra tomcat-native_1.2.12-2+deb9u2.debian.tar.xz
 4dfc6eab4fa12ea5efcdf32ad39ac6a2 355604 debug extra libtcnative-1-dbgsym_1.2.12-2+deb9u2_amd64.deb
 6f8664493acc96297c0554a46de220d4 84324 java extra libtcnative-1_1.2.12-2+deb9u2_amd64.deb
 324a03d125eb3a2b61a6c9b2f8fe9002 11178 java extra tomcat-native_1.2.12-2+deb9u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAluurkpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hk5vcQALUJ7SaF6ZEpYg8QF+0T0vp8bQxkiyXQX7SB
jGy3fYTh2mc5NLD+c7MbUWCbFrBnkMfocvH0BhzR1dtzJ3bFApQU27uCaKFJEuzy
BX1RLTURmzvEHysRikv4hQ+fEPd26QCZiEVlsQaPrkWpFCLw85uemk/DqswmaheM
WJecV6QmKbCVd2OtsHW6y7qppbFd0KMhkmttLqPIckxzyZfml3C2feG2WijNDRvW
9oRmZBoWQG9UgmHiJAuZTVgKSgHzBxMgTH8VRK6rLDXKi5OXGsIKKT4nG3mO+dcL
g72nJHmNogvxvIAj+c0uZxXTX/JOYTWsu1SrHzuupMrYW+rRZSCw0sOVpgDx2rdl
bFSTMBPU93bPUKjSwTGuXrMjWYh2gQbhmzAEdvqoUdrJUp37m2h2VDBz9E5r8T3n
sc6C2nr3gDb3EFdHI+wumyqCHkuvSLkGrakap/gb5m2sObYp96aDYyUxsM91G8js
gDHlDSmL7fCaeQOVNhmX5q+nBWYLbfPo5rY0eutTSvBVEo9LCT7gdoIPrkG42FkG
+HIB8tPaoKt7CLz8wSLxY9OAtN6q9p35IrwfouZSPFQECjfZAeR1tZJz+KH9uGco
C0Njcz1WLfJQxZrqYkdMtUBYmjXX+KF4cPgAu3btQ9bN3QRhqmshyfBij+Vyw0nc
oWIsXSVR
=zZtE
-----END PGP SIGNATURE-----
News for package tomcat-native
