Accepted tomcat7 7.0.56-3+deb8u10 (source all) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 30 Apr 2017 21:21:29 +0200
Source: tomcat7
Binary: tomcat7-common tomcat7 tomcat7-user libtomcat7-java libservlet3.0-java libservlet3.0-java-doc tomcat7-admin tomcat7-examples tomcat7-docs
Architecture: source all
Version: 7.0.56-3+deb8u10
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libservlet3.0-java - Servlet 3.0 and JSP 2.2 Java API classes
 libservlet3.0-java-doc - Servlet 3.0 and JSP 2.2 Java API documentation
 libtomcat7-java - Servlet and JSP engine -- core libraries
 tomcat7 - Servlet and JSP engine
 tomcat7-admin - Servlet and JSP engine -- admin web applications
 tomcat7-common - Servlet and JSP engine -- common files
 tomcat7-docs - Servlet and JSP engine -- documentation
 tomcat7-examples - Servlet and JSP engine -- example web applications
 tomcat7-user - Servlet and JSP engine -- tools to create user instances
Changes:
 tomcat7 (7.0.56-3+deb8u10) jessie-security; urgency=high
 .
   * Team upload.
   * Fix the following security vulnerabilities:
     - CVE-2017-5647:
       A bug in the handling of the pipelined requests when send file was used
       resulted in the pipelined request being lost when send file processing of
       the previous request completed. This could result in responses appearing
       to be sent for the wrong request. For example, a user agent that sent
       requests A, B and C could see the correct response for request A, the
       response for request C for request B and no response for request C.
     - CVE-2017-5648:
       It was noticed that some calls to application listeners did not use the
       appropriate facade object. When running an untrusted application under a
       SecurityManager, it was therefore possible for that untrusted application
       to retain a reference to the request or response object and thereby access
       and/or modify information associated with another web application.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----