
Accepted tomcat7 7.0.28-4+deb7u18 (source all) into oldoldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 06 Mar 2018 13:00:42 +0100
Source: tomcat7
Binary: tomcat7-common tomcat7 tomcat7-user libtomcat7-java libservlet3.0-java libservlet3.0-java-doc tomcat7-admin tomcat7-examples tomcat7-docs
Architecture: source all
Version: 7.0.28-4+deb7u18
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description: 
 libservlet3.0-java - Servlet 3.0 and JSP 2.2 Java API classes
 libservlet3.0-java-doc - Servlet 3.0 and JSP 2.2 Java API documentation
 libtomcat7-java - Servlet and JSP engine -- core libraries
 tomcat7    - Servlet and JSP engine
 tomcat7-admin - Servlet and JSP engine -- admin web applications
 tomcat7-common - Servlet and JSP engine -- common files
 tomcat7-docs - Servlet and JSP engine -- documentation
 tomcat7-examples - Servlet and JSP engine -- example web applications
 tomcat7-user - Servlet and JSP engine -- tools to create user instances
Changes: 
 tomcat7 (7.0.28-4+deb7u18) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2018-1304: The URL pattern of "" (the empty string) which exactly
     maps to the context root was not correctly handled in Apache Tomcat when used
     as part of a security constraint definition. This caused the constraint to be
     ignored. It was, therefore, possible for unauthorised users to gain access to
     web application resources that should have been protected. Only security
     constraints with a URL pattern of the empty string were affected.
   * Fix CVE-2018-1305: Security constraints defined by annotations of Servlets
     in Apache Tomcat were only applied once a Servlet had been loaded. Because
     security constraints defined in this way apply to the URL pattern and any
     URLs below that point, it was possible - depending on the order Servlets
     were loaded - for some security constraints not to be applied. This could
     have exposed resources to users who were not authorised to access them.
Checksums-Sha1: 
Checksums-Sha256: 
Files: 

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----
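
Added example (not part of the upload announcement, and not Debian or Tomcat code): a check for whether a deployed application relied on the kind of constraint described under CVE-2018-1304, by listing the security constraints in a web.xml whose URL pattern is the empty string. The function names and the sample descriptor are constructed for illustration, and treating a whitespace-only pattern as empty is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample deployment descriptor (not taken from any real application).
SAMPLE_WEB_XML = """
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>root</web-resource-name>
      <url-pattern></url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>reports</web-resource-name>
      <url-pattern>/reports/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
  </security-constraint>
</web-app>
"""


def local(tag):
    """Strip the XML namespace so descriptors of any schema version match."""
    return tag.rsplit("}", 1)[-1]


def empty_pattern_constraints(web_xml_text):
    """Return (web-resource-name, roles) for each constraint whose
    url-pattern is the empty string, i.e. the context-root mapping."""
    root = ET.fromstring(web_xml_text.strip())
    findings = []
    for sc in root.iter():
        if local(sc.tag) != "security-constraint":
            continue
        roles = [(e.text or "").strip() for e in sc.iter()
                 if local(e.tag) == "role-name"]
        for wrc in sc.iter():
            if local(wrc.tag) != "web-resource-collection":
                continue
            name = next(((e.text or "").strip() for e in wrc
                         if local(e.tag) == "web-resource-name"), "")
            for e in wrc:
                # Assumption: whitespace-only text counts as the empty pattern.
                if local(e.tag) == "url-pattern" and not (e.text or "").strip():
                    findings.append((name, roles))
    return findings
```

Any constraint this reports on a host that ran a tomcat7 older than 7.0.28-4+deb7u18 was not being enforced, so access to the context root during that period is worth reviewing. Constraints declared through Servlet annotations (CVE-2018-1305) are not visible in web.xml and are not covered by this check.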