1. Forum
  2. Usenet
  3. LINUX.DEBIAN.CHANGES

  • Accepted tomcat9 9.0.31-1~deb10u6 (source) into oldstable-proposed-upda

    From Debian FTP Masters@21:1/5 to All on Sat Oct 16 16:00:02 2021
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Sat, 25 Sep 2021 22:17:13 +0200
    Source: tomcat9
    Architecture: source
    Version: 9.0.31-1~deb10u6
    Distribution: buster-security
    Urgency: high
    Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
    Changed-By: Markus Koschany <apo@debian.org>
    Changes:
    tomcat9 (9.0.31-1~deb10u6) buster-security; urgency=high
    .
    * Team upload.
    * CVE-2021-30640: Fix NullPointerException.
    If no userRoleAttribute is specified in the user's Realm configuration its
    default value will be null. This will cause a NPE in the methods
    doFilterEscaping and doAttributeValueEscaping. This is upstream bug
    https://bz.apache.org/bugzilla/show_bug.cgi?id=65308
    * Fix CVE-2021-41079:
    Apache Tomcat did not properly validate incoming TLS packets. When Tomcat
    was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially
    crafted packet could be used to trigger an infinite loop resulting in a
    denial of service.
    Checksums-Sha1:
    5c586de219f0126b8fbcf7e444f8440f7877bedb 2889 tomcat9_9.0.31-1~deb10u6.dsc
    26e52169d79b7be7ea154df8a72eb91320d5a7e9 46080 tomcat9_9.0.31-1~deb10u6.debian.tar.xz
    6e70554b19a9ee8ad2d0908423beb5fb35ade5de 8802 tomcat9_9.0.31-1~deb10u6_source.buildinfo
    Checksums-Sha256:
    8a9ca7fd50887a229a641f3070e39bdce6e4cc413486fd9367bf47df6f916325 2889 tomcat9_9.0.31-1~deb10u6.dsc
    d2f2790cee37f6f9459fb6a07e996c08c13bbb3eeba4a367615d58a8bf0f1591 46080 tomcat9_9.0.31-1~deb10u6.debian.tar.xz
    8ee7b20dd2854f464eec032db744965c9d6d27a1ca7a48885c9664a8c39037aa 8802 tomcat9_9.0.31-1~deb10u6_source.buildinfo
    Files:
    c3a45dce5428ff748d80185e5d3c68df 2889 java optional tomcat9_9.0.31-1~deb10u6.dsc
    29f978148aaefece0fd929953be29059 46080 java optional tomcat9_9.0.31-1~deb10u6.debian.tar.xz
    04b7cbc975c56e9ff4bdd7b51514ecd9 8802 java optional tomcat9_9.0.31-1~deb10u6_source.buildinfo

    -----BEGIN PGP SIGNATURE-----

    iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmFgVp9fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkJkYP/RjV9mclUS0ixw+Klw/I4J4t2U1ZfAe8p5PW Q8xia4wfGKKqcRVQgSmWDBNMjdpl3QM5n4uQ+eUlgVFdiRtVHUT9G5/0Gcn4wsZT MZzYwYqhjbUul/xiHZ4Sncxi2iNVwf7BJDRem6tEVujswRFAry2FK920CRCyi9UU Q7Gipbx1P2AoHNLKBvvpKZcNyRuJhVXP0i/9mjGUEstl6L7KeZ8o4rAz2Ao3FrFv tSLb0ND263GMKAq5NdHgnBdwtRfFkRN5PKs7jXix5dOMfFwqwkz0tXP1xfH6IgQv 2kMrcW+Ezk4jvx2I8U7Cxd90AxMBwuOU5mdevFDN2XpsB0LSW+MI2vYC1SyA0+Qq 15Isr00VU/sK/YwyHuRLWujZIrQHEm8+5D2v2dUQiQ7nr+svMqRzoNNu3IalUgap F7pqllQTyk0a2nGu0ONvyadpK/+j1WaXD3qYcnFVTS7LEfIEL4j9XH5kknz+OUsi 7+YdNXxbQ36Ly0J/Rxno4MRu+fRTmvd+QO5pBaAb+H1sQ5EWxf0hCBQ/c7lbyBk+ W9TGrRiX+vXoTxwhys1UTjKDRfhCzQS4fudHNdPzCDISjFIz4zAv54eLTFtzK4vg Bbhe6fgg0JW8qWWf7Q7UEdfk/JisqsIpTkyMpPSZMkniOr1zFs30ZfJs/4R5DtxD
    9I1enN8a
    =ug/M
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)