Back to tomcat-native PTS page

Accepted tomcat-native 1.1.24-1+deb7u1 (source amd64) into oldoldstable

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted tomcat-native 1.1.24-1+deb7u1 (source amd64) into oldoldstable
From: Markus Koschany <apo@debian.org>
Date: Sun, 11 Feb 2018 19:00:16 +0000
Mail-followup-to: debian-lts@lists.debian.org
Message-id: <E1ekwrH-0004c9-W8@seger.debian.org>
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 11 Feb 2018 18:35:17 +0100
Source: tomcat-native
Binary: libtcnative-1
Architecture: source amd64
Version: 1.1.24-1+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description: 
 libtcnative-1 - Tomcat native library using the apache portable runtime
Changes: 
 tomcat-native (1.1.24-1+deb7u1) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2017-15698:
     When parsing the AIA-Extension field of a client certificate, Apache Tomcat
     Native did not correctly handle fields longer than 127 bytes. The result of
     the parsing error was to skip the OCSP check. It was therefore possible for
     client certificates that should have been rejected (if the OCSP check had
     been made) to be accepted. Users not using OCSP checks are not affected by
     this vulnerability.
Checksums-Sha1: 
 85cc2e4cdd23d6eabb2b6c5f5b8a5c5377d7bd00 2221 tomcat-native_1.1.24-1+deb7u1.dsc
 e76d7ed52f56b9b7a3a9d1a03f9e11ebca954270 261742 tomcat-native_1.1.24.orig.tar.gz
 1a70b336a782b745c73626469a93b06e6ba9f1b2 6394 tomcat-native_1.1.24-1+deb7u1.debian.tar.gz
 150555a94e47a1407b41773be08010235b359239 135706 libtcnative-1_1.1.24-1+deb7u1_amd64.deb
Checksums-Sha256: 
 cc604b5da61d6398c0afa9c1f3a685d158a0f21978772cffcd709019f07256ce 2221 tomcat-native_1.1.24-1+deb7u1.dsc
 0377849f42e32eaa6a8feaa639fa2d209dd4e34a3503d56a579b014aa2d5b349 261742 tomcat-native_1.1.24.orig.tar.gz
 9513db8391eaa588a65ba708848ffad4d23920cce8302300bc5829b4a8856325 6394 tomcat-native_1.1.24-1+deb7u1.debian.tar.gz
 d0e0eb40444c5e1501bdb96bc6dfe2dfb79588760059e18fbc5c395758fb4f42 135706 libtcnative-1_1.1.24-1+deb7u1_amd64.deb
Files: 
 1ee3e167137b7e3f57ffa2b52dea6f49 2221 java extra tomcat-native_1.1.24-1+deb7u1.dsc
 cfd4762f2da19ba79d1b6a2a948c9d21 261742 java extra tomcat-native_1.1.24.orig.tar.gz
 182b51f9d18dd9b4db4b4d5615cef898 6394 java extra tomcat-native_1.1.24-1+deb7u1.debian.tar.gz
 f327fe9f5fad35b78b3f203b2bc7e393 135706 java extra libtcnative-1_1.1.24-1+deb7u1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlqAjq9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hk8fQP/3zJ6931O6UPX3sM2tD+BzHJPmNJbC0s+awd
1GTK7FO/zqGg1mfOEHCTzTBn5Vw+2DKXK03PAG3Q/c9x/4aXXujKByI+Vr2EPXNA
8HCFI5CpWd8FIRv+0uzpm7ogd4zWXZzNED16g2kwBSRizlJGA21ltpFcuJBhi1EA
DBgM1j5DjZoIHrPPCFcHuMT5n5hgFc94p+abmmDYBjx2An0gnIkQrSrPHIRL3a3A
tbbaaFu64+VOJXS2cK+SFbWAQpZUVWxGZkqd1pEgsFqgpniHxUwWTmZyk+hMmthB
dzhiDrIqjsgGO1kzuANQC4QIRaAoYa7A/QuZmtKo0lVUSpVgxD55VrArYYGpRTOa
BF6D4ILG2XgfVkc+6rwJLvpKpBJAsbrVTYB/Yi4tKDNCpdt62SuR10FdP0FThjwI
8gcG/itac+D7eOLI6GgqdXZR6WjkwvhIVOuQrVQiTITRTvwIiwVyKEz7xb2+sZVQ
sEA8zECRXcgf2JE4xb0TdT56qGev/S35wH/uPVnRNsNUrwB/R6+3UVXPhKcddO7A
zuJxZ6wJKMLxbEY3gBGLX+GciPauCeANsr5ONnbknBE38dgJ+i2FKJdThScygXTO
P3ikX6npPuQIkGvuHocagTF7owOBTqsOFGkOriL5nKFMxzCCECOKiAl6O9wJnXb5
CuEb3yjk
=/KBV
-----END PGP SIGNATURE-----