Accepted tomcat7 7.0.28-4+deb7u12 (source all) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 28 Apr 2017 22:47:08 +0200
Source: tomcat7
Binary: tomcat7-common tomcat7 tomcat7-user libtomcat7-java libservlet3.0-java libservlet3.0-java-doc tomcat7-admin tomcat7-examples tomcat7-docs
Architecture: source all
Version: 7.0.28-4+deb7u12
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
libservlet3.0-java - Servlet 3.0 and JSP 2.2 Java API classes
libservlet3.0-java-doc - Servlet 3.0 and JSP 2.2 Java API documentation
libtomcat7-java - Servlet and JSP engine -- core libraries
tomcat7 - Servlet and JSP engine
tomcat7-admin - Servlet and JSP engine -- admin web applications
tomcat7-common - Servlet and JSP engine -- common files
tomcat7-docs - Servlet and JSP engine -- documentation
tomcat7-examples - Servlet and JSP engine -- example web applications
tomcat7-user - Servlet and JSP engine -- tools to create user instances
Changes:
 tomcat7 (7.0.28-4+deb7u12) wheezy-security; urgency=high
 .
   * Team upload.
   * Fix the following security vulnerabilities:
     - CVE-2017-5647:
       A bug in the handling of the pipelined requests when send file was used
       resulted in the pipelined request being lost when send file processing of
       the previous request completed. This could result in responses appearing
       to be sent for the wrong request. For example, a user agent that sent
       requests A, B and C could see the correct response for request A, the
       response for request C for request B and no response for request C.
     - CVE-2017-5648:
       It was noticed that some calls to application listeners did not use the
       appropriate facade object. When running an untrusted application under a
       SecurityManager, it was therefore possible for that untrusted application
       to retain a reference to the request or response object and thereby access
       and/or modify information associated with another web application.
Checksums-Sha1:
Checksums-Sha256:
Files:
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----