Format: 1.8
Date: Sun, 14 Oct 2018 20:04:48 +0200
Source: tomcat7
Binary: tomcat7-common tomcat7 tomcat7-user libtomcat7-java libservlet3.0-java libservlet3.0-java-doc tomcat7-admin tomcat7-examples tomcat7-docs
Architecture: source all
Version: 7.0.56-3+really7.0.91-1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libservlet3.0-java - Servlet 3.0 and JSP 2.2 Java API classes
 libservlet3.0-java-doc - Servlet 3.0 and JSP 2.2 Java API documentation
 libtomcat7-java - Servlet and JSP engine -- core libraries
 tomcat7 - Servlet and JSP engine
 tomcat7-admin - Servlet and JSP engine -- admin web applications
 tomcat7-common - Servlet and JSP engine -- common files
 tomcat7-docs - Servlet and JSP engine -- documentation
 tomcat7-examples - Servlet and JSP engine -- example web applications
 tomcat7-user - Servlet and JSP engine -- tools to create user instances
Changes:
 tomcat7 (7.0.56-3+really7.0.91-1) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2018-11784:
     Sergey Bobrov discovered that when the default servlet returned a
     redirect to a directory (e.g. redirecting to /foo/ when the user
     requested /foo) a specially crafted URL could be used to cause the
     redirect to be generated to any URI of the attacker's choice.