Back to tomcat-native PTS page

Accepted tomcat-native 1.1.32~repack-2+deb8u1 (source amd64) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates

To: debian-changes@lists.debian.org
Subject: Accepted tomcat-native 1.1.32~repack-2+deb8u1 (source amd64) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
From: Markus Koschany <apo@debian.org>
Date: Fri, 23 Feb 2018 13:34:58 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1epDV4-0002wN-2k@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 11 Feb 2018 21:01:06 +0100
Source: tomcat-native
Binary: libtcnative-1
Architecture: source amd64
Version: 1.1.32~repack-2+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libtcnative-1 - Tomcat native library using the Apache Portable Runtime
Changes:
 tomcat-native (1.1.32~repack-2+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS.
   * Fix CVE-2017-15698:
     When parsing the AIA-Extension field of a client certificate, Apache Tomcat
     Native did not correctly handle fields longer than 127 bytes. The result of
     the parsing error was to skip the OCSP check. It was therefore possible for
     client certificates that should have been rejected (if the OCSP check had
     been made) to be accepted. Users not using OCSP checks are not affected by
     this vulnerability.
Checksums-Sha1:
 723edf9fe46841fef0759940d82a96391547317c 2267 tomcat-native_1.1.32~repack-2+deb8u1.dsc
 a39ddc8c230da50a7f27f1deb1d1d117373477f8 388291 tomcat-native_1.1.32~repack.orig.tar.gz
 c4d31c46ac6fe7885291d600c2a212fe686b9b5e 6052 tomcat-native_1.1.32~repack-2+deb8u1.debian.tar.xz
 b4133965aacdb0f2e3502d5e4b724c07a26ac134 85062 libtcnative-1_1.1.32~repack-2+deb8u1_amd64.deb
Checksums-Sha256:
 8bb6d7af9cd893cdc2fcb691e8951333aa6ff76d672051aadba5d9317ba20b87 2267 tomcat-native_1.1.32~repack-2+deb8u1.dsc
 81394519aa0704f7fc6597148d9939fd2344bce4c9bbab0424050db2405b0cf5 388291 tomcat-native_1.1.32~repack.orig.tar.gz
 26ecddcde1b63d1c97319718d2b5d4c7cd2f46a8dd9a6ce25b8e478bc81a5aef 6052 tomcat-native_1.1.32~repack-2+deb8u1.debian.tar.xz
 4ce389396be881ef446cfa0d4f9659240c25e780c0f1e250a230c95a456eb485 85062 libtcnative-1_1.1.32~repack-2+deb8u1_amd64.deb
Files:
 57f4305028d42a9670fe954b0facd9ef 2267 java extra tomcat-native_1.1.32~repack-2+deb8u1.dsc
 993abcdf75aa35f3e2a650de9bcb9a10 388291 java extra tomcat-native_1.1.32~repack.orig.tar.gz
 037a2456058ac3034f6b8b7869e697d6 6052 java extra tomcat-native_1.1.32~repack-2+deb8u1.debian.tar.xz
 70d197a8f9be1e68786bcf19019aaa48 85062 java extra libtcnative-1_1.1.32~repack-2+deb8u1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlqBpRtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkGzEQAMhzhEgsrXO55EbuXxqJPu6SsYQ9ZRJGX5x+
dbunueZ4o2Mfqm3224NhQFxV9EX9OKdirxJfsB04fYurTeTzg+30BPxXM0hZ5/vS
tM8/SvrqeljMQqFz6v63aCvjah8kUfeohcgPE+A7JvK9J2T8JAfSMVLOKrocqp25
FbTRQVM0VXCYr+gJt9BasqOVvc4Yk5SCGKtod9UQjVfqlMYJAWZnUoBP8EJ0pdg2
t6DohJb2jsEVfquKvWmciX6ubGIw5DENGdMoU7WeaYmjQ5Zsa+eQILJcNpmyowkr
XoAuT3rkRJy90JPxDkZ/aOXYXAsFZ3gn7XjrME9uRP/I1+J36jqwJWRUHquBmrk/
4yoKiB1Sv+KThVmHKPoqATJB1ZANJcE4bEPc4f79RH3xLARdBO7JGlH8OVGtHAim
L14RRaHog0hrcDKRnvFEHqxP9d3hfqubXmUgyavVN88urIczu1iqtxcxp01F+YQ3
P4P3TmFIptL7bn5j8hhjtC/JCiJT+QfN1B5vmo6DOCfH7daHhQFxHXkmMxCOcipK
74GoU7ZWwU1qa8q9qrOyIuuuB3oVK0pL+fazuxpYzTUk2VKuiwYRVS/Hu+C/jwNP
ua7rI14rJ0nJFKzKIQBvPxsFbJWsJndXE2nN5XuwgnVs9cId7bc5tgZZl8lzESQY
2pyVP8+w
=hGdm
-----END PGP SIGNATURE-----