• Accepted tomcat9 9.0.31-1~deb10u5 (source) into oldstable-proposed-upda

    From Debian FTP Masters@21:1/5 to All on Fri Aug 27 13:30:02 2021
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Sat, 07 Aug 2021 18:25:15 +0200
    Source: tomcat9
    Architecture: source
    Version: 9.0.31-1~deb10u5
    Distribution: buster-security
    Urgency: high
    Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
    Changed-By: Markus Koschany <apo@debian.org>
    Closes: 991046
    Changes:
    tomcat9 (9.0.31-1~deb10u5) buster-security; urgency=high
    .
      * Team upload.
      * Fix CVE-2021-30640:
        A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to
        authenticate using variations of a valid user name and/or to bypass some of
        the protection provided by the LockOut Realm.
      * Fix CVE-2021-33037:
        Apache Tomcat did not correctly parse the HTTP transfer-encoding request
        header in some circumstances, leading to the possibility of request
        smuggling when used with a reverse proxy. Specifically:
        - Tomcat incorrectly ignored the transfer encoding header if the client
          declared it would only accept an HTTP/1.0 response;
        - Tomcat honoured the identity encoding; and
        - Tomcat did not ensure that, if present, the chunked encoding was the
          final encoding. (Closes: #991046)
    Checksums-Sha1:
    13ee7b4eecee04bd1a42ab13c9e83efb9b068404 2889 tomcat9_9.0.31-1~deb10u5.dsc
    1d55b69e2301380ae8748a47fe5d5f7d82e27cdd 45268 tomcat9_9.0.31-1~deb10u5.debian.tar.xz
    c173d62dec80af022a0eb36190235e7d48a1f89c 13962 tomcat9_9.0.31-1~deb10u5_amd64.buildinfo
    Checksums-Sha256:
    f9a4b8599e83f44403f41bbd196402a30a79ee6484be3b2a096295c506537028 2889 tomcat9_9.0.31-1~deb10u5.dsc
    9ab55c9a9eee46b1864bd06e44814676fbdda458bd48183694387e423e0dcb1b 45268 tomcat9_9.0.31-1~deb10u5.debian.tar.xz
    6da518549a9daff8359e86064e20518e936d5305b82ae53c609d4ac4a12a3255 13962 tomcat9_9.0.31-1~deb10u5_amd64.buildinfo
    Files:
    e9c3ec417056a356a7095ed0da98bb87 2889 java optional tomcat9_9.0.31-1~deb10u5.dsc
    b018a1ed7f2557098e011cbd54c786da 45268 java optional tomcat9_9.0.31-1~deb10u5.debian.tar.xz
    837e7325055c9cc38c9a1823b9542fd2 13962 java optional tomcat9_9.0.31-1~deb10u5_amd64.buildinfo


    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)