-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 15 Oct 2018 14:03:25 +0200
Source: tomcat8
Binary: tomcat8-common tomcat8 tomcat8-user libtomcat8-java libservlet3.1-java libservlet3.1-java-doc tomcat8-admin tomcat8-examples tomcat8-docs
Architecture: source all
Version: 8.0.14-1+deb8u14
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libservlet3.1-java - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API classes
 libservlet3.1-java-doc - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API documenta
 libtomcat8-java - Apache Tomcat 8 - Servlet and JSP engine -- core libraries
 tomcat8 - Apache Tomcat 8 - Servlet and JSP engine
 tomcat8-admin - Apache Tomcat 8 - Servlet and JSP engine -- admin web application
 tomcat8-common - Apache Tomcat 8 - Servlet and JSP engine -- common files
 tomcat8-docs - Apache Tomcat 8 - Servlet and JSP engine -- documentation
 tomcat8-examples - Apache Tomcat 8 - Servlet and JSP engine -- example web applicati
 tomcat8-user - Apache Tomcat 8 - Servlet and JSP engine -- tools to create user
Changes:
 tomcat8 (8.0.14-1+deb8u14) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2018-11784:
     Sergey Bobrov discovered that when the default servlet returned a
     redirect to a directory (e.g. redirecting to /foo/ when the user
     requested /foo) a specially crafted URL could be used to cause the
     redirect to be generated to any URI of the attacker's choice.