Accepted tomcat7 7.0.28-4+deb7u9 (source all) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 10 Jan 2017 22:09:47 +0100
Source: tomcat7
Binary: tomcat7-common tomcat7 tomcat7-user libtomcat7-java libservlet3.0-java libservlet3.0-java-doc tomcat7-admin tomcat7-examples tomcat7-docs
Architecture: source all
Version: 7.0.28-4+deb7u9
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
libservlet3.0-java - Servlet 3.0 and JSP 2.2 Java API classes
libservlet3.0-java-doc - Servlet 3.0 and JSP 2.2 Java API documentation
libtomcat7-java - Servlet and JSP engine -- core libraries
tomcat7 - Servlet and JSP engine
tomcat7-admin - Servlet and JSP engine -- admin web applications
tomcat7-common - Servlet and JSP engine -- common files
tomcat7-docs - Servlet and JSP engine -- documentation
tomcat7-examples - Servlet and JSP engine -- example web applications
tomcat7-user - Servlet and JSP engine -- tools to create user instances
Closes: 849949
Changes:
tomcat7 (7.0.28-4+deb7u9) wheezy-security; urgency=high
.
* Fix CVE-2016-8745:
A bug in the error handling of the send file code for the NIO HTTP
connector resulted in the current Processor object being added to the
Processor cache multiple times. This in turn meant that the same Processor
could be used for concurrent requests. Sharing a Processor can result in
information leakage between requests including, not not limited to, session
ID and the response body.
* Update CVE-2016-6816.patch and backport changes to SecurityClassLoad.java
as well. This fixes ClassNotFoundException when running with
SecurityManager enabled. (Closes: #849949)
Checksums-Sha1:
5b5248061c8b566e382ee9908936f549925a0af5 2795 tomcat7_7.0.28-4+deb7u9.dsc
e88a4aa274f02c5a13ba35581e44ca24b7014b76 186644 tomcat7_7.0.28-4+deb7u9.debian.tar.gz
b8d77384389bed3125b725e69af59d6aa5d67a0b 66066 tomcat7-common_7.0.28-4+deb7u9_all.deb
5807129972ff74ffd54e6768f91a76181a641f25 53410 tomcat7_7.0.28-4+deb7u9_all.deb
e62bb8317ec57630fe649d0e58c647f336c2874a 41470 tomcat7-user_7.0.28-4+deb7u9_all.deb
50d2d3792de818366bf1af2ff3646072ff53455f 3503904 libtomcat7-java_7.0.28-4+deb7u9_all.deb
4f0849e4da24995f2847b5970a44e019ec2d95d3 307446 libservlet3.0-java_7.0.28-4+deb7u9_all.deb
780147c84a67d55554eb0f0425133c3ddcb61a23 321058 libservlet3.0-java-doc_7.0.28-4+deb7u9_all.deb
1c7cb4b08df9b96b154718e970b40a7605b2c77b 54114 tomcat7-admin_7.0.28-4+deb7u9_all.deb
0c52be10d4ab10a68a2ef13348a2e797febb1a26 207660 tomcat7-examples_7.0.28-4+deb7u9_all.deb
8e19c5279f7e076b2f65f7cc2e918c60e5ddd695 648936 tomcat7-docs_7.0.28-4+deb7u9_all.deb
Checksums-Sha256:
cc4e79b3bfdee87fd13e8ba89de323a428553e0e6d24457ee3cf6df5a3c37af6 2795 tomcat7_7.0.28-4+deb7u9.dsc
e594b4af0ca14694de8516237859c57293cb4aa83b0a78972e4e39ba74e5f093 186644 tomcat7_7.0.28-4+deb7u9.debian.tar.gz
d00299e5d3b40a3ca49ff043fe2c53d1f08f05efef93e61c4d259ded10473d81 66066 tomcat7-common_7.0.28-4+deb7u9_all.deb
6c4c222e0cc6c983e469e1ef9e3654a197588cc9d98528aacdd88123b8955fd6 53410 tomcat7_7.0.28-4+deb7u9_all.deb
62549cef19ffb4794c6cd7eb77d682d86ed20933e5fc00db3ea829ac6392e7f5 41470 tomcat7-user_7.0.28-4+deb7u9_all.deb
00ae576bbaa23289b84bd4bb79de31f2524c105ca753b307dc6cdc3e24686558 3503904 libtomcat7-java_7.0.28-4+deb7u9_all.deb
15482e4f6a9d592c21c2cf3cb32012d90e997604a9c0358df41bb29896b641bf 307446 libservlet3.0-java_7.0.28-4+deb7u9_all.deb
2e1c5758efc7b9fc1ec819289b8ebbeefd8a7f903f842659c66490ecec43c299 321058 libservlet3.0-java-doc_7.0.28-4+deb7u9_all.deb
da1be2658c123052473bc3308932748f9635a017e09960dfbc772331e89da95a 54114 tomcat7-admin_7.0.28-4+deb7u9_all.deb
9be06bf95c908ce07b10addd3fef9bcaf95b718f4c85888c465594fe5696534a 207660 tomcat7-examples_7.0.28-4+deb7u9_all.deb
15d8b1bfbceebce658bbeab87e85e23c65abdde5aff7ca77fed8581b26e71bec 648936 tomcat7-docs_7.0.28-4+deb7u9_all.deb
Files:
bcb9744820c575ff60eeced5a7e7beaf 2795 java optional tomcat7_7.0.28-4+deb7u9.dsc
cacfcffd23e1961278d67588b7314176 186644 java optional tomcat7_7.0.28-4+deb7u9.debian.tar.gz
392a457d899e6d3f5b64be6181961bf7 66066 java optional tomcat7-common_7.0.28-4+deb7u9_all.deb
40cef88a0c4fca4616b88e6ffef297d1 53410 java optional tomcat7_7.0.28-4+deb7u9_all.deb
25bf0b56815f76b44f50f2fc29d8b80f 41470 java optional tomcat7-user_7.0.28-4+deb7u9_all.deb
2ed9a02afdee863f00b73d6a07eae14c 3503904 java optional libtomcat7-java_7.0.28-4+deb7u9_all.deb
ffd3edefc7d4e9c5482aeca70a3a11ea 307446 java optional libservlet3.0-java_7.0.28-4+deb7u9_all.deb
b82994d9c9313fd517563e8042e2d443 321058 doc optional libservlet3.0-java-doc_7.0.28-4+deb7u9_all.deb
ba7058906c3e24d7256f27b44e92ffd6 54114 java optional tomcat7-admin_7.0.28-4+deb7u9_all.deb
cb1e039127e410da1ba2975faf56100b 207660 java optional tomcat7-examples_7.0.28-4+deb7u9_all.deb
f2e1820509d77ad2adc9897a481445c1 648936 doc optional tomcat7-docs_7.0.28-4+deb7u9_all.deb
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlh1Vy1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hk+qEP/21yXlKGHE4zSFSEbRNFl8Xy8TdTXDoXZbmx
47yR4jB8OEs5v5DFTL0Pec0uvTthGgqcvA5oQSfrHH8Xqp1Uqqa5QRYFn4HM7BP7
7WuVllYOnRCBXIw8BgZzQ+YhBt7JgHClOc5JrzH7Q/oRJWjq0RMgKl/qk4sbB0GQ
XAl+wc2HQ+F6Hdv3yHxNwjr+ewykpbwbbf2dC2vFk0Xi6tvWZBkhe5ttVjlFphKP
VPwQkUqOH/MDS8XDrgO5WzDD5xhko2zpK6JUyE9JnNxhBueGLV9R9/uZQlMSNBCH
n6Yf0sKVe4PUCCXHwWkySvcKQVc2bWLFN6aMbhmoU80FrgNbssmsE/OjyIbeBTB+
mZTq1Kmw9Fnk9LNcgI+1mImTA70TjXNjfrunC3qP1WZ1uEOyyaue8xxRG8jhnn9E
sKhng/47rBarFdRV0LgSEVdrhjTCAgDH/6PSjwBUJUrWO2eeIJQJYAjtJ2I8hf9g
KXaTgXh3aOTBjIswZm1SC6IUDsuaqBP/0EbrO0lp+Mh/D7Pz+sRksiYMHnqZ7HNc
eLSSNg/9wpylpr+Dznz/BsvOfNc+FwfKLvA9RHhZVU3bgWzDbDdeAf8sSz3yrqUo
0Nz0gm77oiVgwo3T+8GvaPHcOLrMl7zLiy0HrqBROsmbxg71QOEk5MFCEf6JuHfY
FveKZSjN
=c4SR
-----END PGP SIGNATURE-----