Accepted tomcat7 7.0.28-4+deb7u16 (source all) into oldoldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 07 Nov 2017 12:36:51 -0500
Source: tomcat7
Binary: tomcat7-common tomcat7 tomcat7-user libtomcat7-java libservlet3.0-java libservlet3.0-java-doc tomcat7-admin tomcat7-examples tomcat7-docs
Architecture: source all
Version: 7.0.28-4+deb7u16
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Roberto C. Sanchez <roberto@debian.org>
Description:
libservlet3.0-java - Servlet 3.0 and JSP 2.2 Java API classes
libservlet3.0-java-doc - Servlet 3.0 and JSP 2.2 Java API documentation
libtomcat7-java - Servlet and JSP engine -- core libraries
tomcat7 - Servlet and JSP engine
tomcat7-admin - Servlet and JSP engine -- admin web applications
tomcat7-common - Servlet and JSP engine -- common files
tomcat7-docs - Servlet and JSP engine -- documentation
tomcat7-examples - Servlet and JSP engine -- example web applications
tomcat7-user - Servlet and JSP engine -- tools to create user instances
Changes:
tomcat7 (7.0.28-4+deb7u16) wheezy-security; urgency=high
.
* Non-maintainer upload by the LTS Security Team.
.
* Fix CVE-2017-12617.
When HTTP PUT was enabled (e.g., via setting the readonly initialization
parameter of the Default servlet to false) it was possible to upload a JSP
file to the server via a specially crafted request. This JSP could then be
requested and any code it contained would be executed by the server.
Checksums-Sha1:
90eb393027619f9757d4e16602170c1ddbcba35c 2648 tomcat7_7.0.28-4+deb7u16.dsc
64524682f2f6caee46294fe0265da24e7e138bb1 203644 tomcat7_7.0.28-4+deb7u16.debian.tar.gz
a96edb85259043112832a9c3e192bac36162e86e 67114 tomcat7-common_7.0.28-4+deb7u16_all.deb
9e59f04fc1f126c6c89142e666172ef3cea4106e 54844 tomcat7_7.0.28-4+deb7u16_all.deb
69a5e7bae93f090da1d9de8d54d36ea48920f7c0 42818 tomcat7-user_7.0.28-4+deb7u16_all.deb
2f0e43c52e011b81930d40f01b1ec9b72f17d7ee 3512086 libtomcat7-java_7.0.28-4+deb7u16_all.deb
b9202671b1c551c1ea26d2984e27f218dbc71fc1 308810 libservlet3.0-java_7.0.28-4+deb7u16_all.deb
dd355cc48f0a674fd0c7f5dcfc95418243fba296 324982 libservlet3.0-java-doc_7.0.28-4+deb7u16_all.deb
f4238df0ae3fca740bbd65ab88f855e954c2bc7f 55096 tomcat7-admin_7.0.28-4+deb7u16_all.deb
bc19508a5ec5d39eda57e84fe1c27ed4f7c02929 207290 tomcat7-examples_7.0.28-4+deb7u16_all.deb
1812f76f7ab0df027dfb9ad7583ffd32b6f22ec0 652770 tomcat7-docs_7.0.28-4+deb7u16_all.deb
Checksums-Sha256:
09d357ce58c7fb0f7c7d5d70da1c21e3b326928d0d98fc05702bd2a917938aa1 2648 tomcat7_7.0.28-4+deb7u16.dsc
383caa9b49e10f53cd76a5dff802253347757df56288fe4574007d206f2b4fab 203644 tomcat7_7.0.28-4+deb7u16.debian.tar.gz
a32aea1af2128aa0c9e18207980665704d5d590f59d1a35b7bae754250d7eeb5 67114 tomcat7-common_7.0.28-4+deb7u16_all.deb
ec25b3bc7cf8a9e206ee7f1337afb78703a3452a8be8c98abff4c5d1805f9bc1 54844 tomcat7_7.0.28-4+deb7u16_all.deb
e9f2cfa39474d6908d19887c8322edd3ca807d34f7caf733bace9e98d505ff7a 42818 tomcat7-user_7.0.28-4+deb7u16_all.deb
ff846afba7ff4f9504927f2b8e349f5eca98c784ea573813c0e0c744d2c748d6 3512086 libtomcat7-java_7.0.28-4+deb7u16_all.deb
abb3107f10d98b5da6a1abf1da0617c510d9056301fb2510064fbe7b32993569 308810 libservlet3.0-java_7.0.28-4+deb7u16_all.deb
ad6b92eeb3a6c71bbee44f4096d7ea4f9627918461b1ef877d630abb2a56ed3e 324982 libservlet3.0-java-doc_7.0.28-4+deb7u16_all.deb
7db8af37e82d59846e10369c8e9fe391492f58761cd57fe4ef25addefc0c2d02 55096 tomcat7-admin_7.0.28-4+deb7u16_all.deb
6792c5a12d38ed24b986bf256f5e922bbd767b7bf7a107e082859df1b0814b3d 207290 tomcat7-examples_7.0.28-4+deb7u16_all.deb
c7398ed259faa1dfd8793ff0e7a729df207ee0844a134aceaf0d3cd07db81541 652770 tomcat7-docs_7.0.28-4+deb7u16_all.deb
Files:
6281336853c2f74558f66a1d7bdbfb32 2648 java optional tomcat7_7.0.28-4+deb7u16.dsc
b684de4e8fd84a103cf09b21fe497552 203644 java optional tomcat7_7.0.28-4+deb7u16.debian.tar.gz
27ddf582c034c7e395e277682b1d310c 67114 java optional tomcat7-common_7.0.28-4+deb7u16_all.deb
b38c15bdb4edc3fdf1fe762d0e97cd22 54844 java optional tomcat7_7.0.28-4+deb7u16_all.deb
95e1a4783717eeaef508fe078adbeb36 42818 java optional tomcat7-user_7.0.28-4+deb7u16_all.deb
52d91fc22e6482573af10aa29f45b74b 3512086 java optional libtomcat7-java_7.0.28-4+deb7u16_all.deb
30c252212d49d0e17cc0af68f03f4460 308810 java optional libservlet3.0-java_7.0.28-4+deb7u16_all.deb
ba67f2ae650c02e66859fa29f1d26ecf 324982 doc optional libservlet3.0-java-doc_7.0.28-4+deb7u16_all.deb
67cc8cfebde128de88b7ed670750e38e 55096 java optional tomcat7-admin_7.0.28-4+deb7u16_all.deb
0f6516fa538b871b1fe501aaa849fa82 207290 java optional tomcat7-examples_7.0.28-4+deb7u16_all.deb
b2da7d0ce382553acd9cd1d179e919b6 652770 doc optional tomcat7-docs_7.0.28-4+deb7u16_all.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEz9ERzDttUsU/BH8iLNd4Xt2nsg8FAloB9gUACgkQLNd4Xt2n
sg/MAw//SjfXzsTV8pm3jSSwMEY5oD7AiZvhCZQmC5jABLxpemKX5+h9fj8tJcFB
PK8a75F894R4AhGLUNXWeRQnyWe6rkGN72zEL/bkE9XYRaRg7fCy7qtxmYVUw1mI
yyMim6nf3wtXaxk1/XIxx87rZay2cDrYQGtv6SULM87FXsMYYyukyDPL9qhpkGJY
dJ4x9Jy7ykm3ZlygQrAULMFEdUDAOpvjLokS3rtsO0r7a/cTjoSuNnP7fpMqNmVI
Xq7xT2FBJKwUo4Pw+PmFLB2c+HaKFHXcdvCTfnCGZ17ACR36uOOK2d42nQuJ4uVt
gzBPUEvleAIS6OasbYjlM4jTh0WkFJrs979iXgUARedeteM9DtGLY1/2drxe3lLu
m5ewc+NvgzHUp4QkCO2pRiYfpBigBOSpDq43aa9s8pBWBeaLLgsqUn34SKX5lNrC
DUbmufp/y88KpaEdrkMZEsMrbaLpL1s6YNPAAxpm5eYdlKlHrFwmHrTw1rOOkWOk
F7LoLkiKqvpmVm2gEQwz9HyHCkesZQwIrSW/2tmm9bbMz4Ct4i70pY679nXnNOTr
Dqvl0f6TDagDJuk0/qU64zPbvRcwM7PwzRKBI4P6QX7oLBUFcv1t0d+8DLbH12OG
TKIVL1UORp8hwT5BJIoQwKuW+bC51DjxVCSJ6lQhqKFcrkk2z58=
=knsd
-----END PGP SIGNATURE-----