Back to tomcat7 PTS page

Accepted tomcat7 7.0.56-3+really7.0.91-1 (source all) into oldstable

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted tomcat7 7.0.56-3+really7.0.91-1 (source all) into oldstable
From: Markus Koschany <apo@debian.org>
Date: Sun, 14 Oct 2018 20:30:36 +0000
Mail-followup-to: debian-lts@lists.debian.org
Message-id: <E1gBn24-0004Sz-Eu@seger.debian.org>
Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 14 Oct 2018 20:04:48 +0200
Source: tomcat7
Binary: tomcat7-common tomcat7 tomcat7-user libtomcat7-java libservlet3.0-java libservlet3.0-java-doc tomcat7-admin tomcat7-examples tomcat7-docs
Architecture: source all
Version: 7.0.56-3+really7.0.91-1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libservlet3.0-java - Servlet 3.0 and JSP 2.2 Java API classes
 libservlet3.0-java-doc - Servlet 3.0 and JSP 2.2 Java API documentation
 libtomcat7-java - Servlet and JSP engine -- core libraries
 tomcat7    - Servlet and JSP engine
 tomcat7-admin - Servlet and JSP engine -- admin web applications
 tomcat7-common - Servlet and JSP engine -- common files
 tomcat7-docs - Servlet and JSP engine -- documentation
 tomcat7-examples - Servlet and JSP engine -- example web applications
 tomcat7-user - Servlet and JSP engine -- tools to create user instances
Changes:
 tomcat7 (7.0.56-3+really7.0.91-1) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2018-11784:
     Sergey Bobrov discovered that when the default servlet returned a redirect
     to a directory (e.g. redirecting to /foo/ when the user requested /foo) a
     specially crafted URL could be used to cause the redirect to be generated
     to any URI of the attackers choice.
Checksums-Sha1:
 69fe475c0aa8ab4cb71914cb83945dbccb0d7668 3026 tomcat7_7.0.56-3+really7.0.91-1.dsc
 f12c63ba44a21742eab95c3f1811f4ba93637bb9 3281060 tomcat7_7.0.56-3+really7.0.91.orig.tar.xz
 fc26b2d96536f81959489515b19d55b6283ea155 52716 tomcat7_7.0.56-3+really7.0.91-1.debian.tar.xz
 521d04e79dedbd18bbf0ece045738ac7a4ea4d94 295406 tomcat7-common_7.0.56-3+really7.0.91-1_all.deb
 c3356d86eff1017c2fc6d563493401d4aef8301f 55244 tomcat7_7.0.56-3+really7.0.91-1_all.deb
 d99a3f9b073c0c44c54ee43673da92a9accde28e 42644 tomcat7-user_7.0.56-3+really7.0.91-1_all.deb
 9bbc767692fad96c3d8137b8897e67e994fc9b2d 3821596 libtomcat7-java_7.0.56-3+really7.0.91-1_all.deb
 e5332327e74b804b9a3f6eb7b287adf09c225027 317882 libservlet3.0-java_7.0.56-3+really7.0.91-1_all.deb
 48f77ee53eb20cb3b3ada0d451232d649d5a99fd 209344 libservlet3.0-java-doc_7.0.56-3+really7.0.91-1_all.deb
 7448de562dee42e699e14ba918897dd36883a0a8 39076 tomcat7-admin_7.0.56-3+really7.0.91-1_all.deb
 99246607e99e06a19bbdeeed38305bb448b26a0c 202154 tomcat7-examples_7.0.56-3+really7.0.91-1_all.deb
 5975a072db7364bf45568915346e4b743c116701 687968 tomcat7-docs_7.0.56-3+really7.0.91-1_all.deb
Checksums-Sha256:
 a7eabea262fabfaa93709ae8572dd10bfe14a5f45d0c477a41283aeec6bae495 3026 tomcat7_7.0.56-3+really7.0.91-1.dsc
 21c322beff39fb7923dc16920bcfae09d754b05fbd82d91d25c2bd2f5493737e 3281060 tomcat7_7.0.56-3+really7.0.91.orig.tar.xz
 b73a73db5d4f619abee8f114d4a0facdba22616d2ace290a2428891095274098 52716 tomcat7_7.0.56-3+really7.0.91-1.debian.tar.xz
 05328f4b8f2911cce8dad00d5a20518de9526e24fcdca1b07bf3e4208b6b0e39 295406 tomcat7-common_7.0.56-3+really7.0.91-1_all.deb
 c3b56f3678644fccf6f8d4e217d218e92235370e74a83133620dd2081b44888d 55244 tomcat7_7.0.56-3+really7.0.91-1_all.deb
 27bdd1708d7408c052b8aa121c7679e736b09f5075a6d665c47443b32b326fd9 42644 tomcat7-user_7.0.56-3+really7.0.91-1_all.deb
 a475ef66be76480b33676124099b554a865f824277e396ab17c4e136fdd04dd6 3821596 libtomcat7-java_7.0.56-3+really7.0.91-1_all.deb
 2f5161cc3072bee37056ea8e3bf89bcf5223bc7c9870c1ae65568a0eae51d027 317882 libservlet3.0-java_7.0.56-3+really7.0.91-1_all.deb
 ddb2a80018872ce5ccf33d1591acf2a7427a931b33259e3fd026b230e488ce05 209344 libservlet3.0-java-doc_7.0.56-3+really7.0.91-1_all.deb
 eaef24cd99322eceaa9eaffa05e417d3e696863314bc75c36649541d8beed1bf 39076 tomcat7-admin_7.0.56-3+really7.0.91-1_all.deb
 ca66d925e13627356a02f3b57ff27b4fe5d6181be827e7c02f5efd693a244389 202154 tomcat7-examples_7.0.56-3+really7.0.91-1_all.deb
 88864ac4df41a4463fbdfa262a278b8c590ea817908a81736546c8015dd33905 687968 tomcat7-docs_7.0.56-3+really7.0.91-1_all.deb
Files:
 8f4cb0742a9838884de556a4af18a3ea 3026 java optional tomcat7_7.0.56-3+really7.0.91-1.dsc
 327201f58c939f289e12b3182f77b725 3281060 java optional tomcat7_7.0.56-3+really7.0.91.orig.tar.xz
 db0c631be5975af5db293e3255f13fca 52716 java optional tomcat7_7.0.56-3+really7.0.91-1.debian.tar.xz
 27227bf658b07814d08d02d73b7f0c57 295406 java optional tomcat7-common_7.0.56-3+really7.0.91-1_all.deb
 e8d589c8dfc0aeffee4eb7d8ddee0003 55244 java optional tomcat7_7.0.56-3+really7.0.91-1_all.deb
 ce3ab61c8542fe6ee1181ed2b61a8c29 42644 java optional tomcat7-user_7.0.56-3+really7.0.91-1_all.deb
 0b5edc54d871330597b252425417dc07 3821596 java optional libtomcat7-java_7.0.56-3+really7.0.91-1_all.deb
 12eb522fd32bb9bbe791b16d40ddbbc6 317882 java optional libservlet3.0-java_7.0.56-3+really7.0.91-1_all.deb
 2de6ee2b045ceb76fe19e28bd8e5ef44 209344 doc optional libservlet3.0-java-doc_7.0.56-3+really7.0.91-1_all.deb
 008fd6faaf921ea8b245be47d11a7d39 39076 java optional tomcat7-admin_7.0.56-3+really7.0.91-1_all.deb
 3e84689f2a105df16710588c8cd3cf08 202154 java optional tomcat7-examples_7.0.56-3+really7.0.91-1_all.deb
 9139d85bc8f17105410eca637eb6859a 687968 doc optional tomcat7-docs_7.0.56-3+really7.0.91-1_all.deb

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlvDo4NfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkNCgQAIIS7FovF54NuNrlFFCCpkKgJJQw8d3/NRag
dx2hS98S5iJUSzUbSwMYQhw9nVLUfkT+i1Y1M4kTBE0U0+o9yVlwKOMDDOt1He2k
GqYcb2DGJHGNk1Rb3CWv4WRuHQ6MecsR2WJj8Iwxr8ePhYVoa72FHzVkxLP68KLd
yji/supYi1C6CuXNX0yMxOO0znvPVKZqiPnnUnPvDlvi1hygVO+uZpRlc8B3dAk0
HcKYfnrIiX/s8V+QJwrYD5A08lH07ZUabSJ6fCkF0Rqm5VKdAkdgLd4OEp+gkBmd
B3AuQBHyT4BOMVhzjzfZn1Xe6uGE6DYUBr7VBV3IqB/2OGbagY41rMgP7X7ce3k5
6b++wbpHXZDdNdBq5CaiYpgVsBkyiwlN0/XmcBy51W5L69xDkkoUAuQFVYAGmLR1
6r7coRgakCSOMse4b/3kxvfUS+ZKRSlrV7QbaRpmW+FlQQfpLOFJ3LGyTPYMh0GP
k0mRzdjmbBk0UogWN+XEAhQ6pWqAd2SIjQoK+K2GR2KeQFBihlpnEPffrMLtrgwf
mrYiW2Av+ADz3JpkuhLsxjTDS7PgjusSqJLUMWpG7HN3Wb9XeIvRr8VZIYiWzEHA
UBZH8qe4T+FA9vd7R71vP/JO5zcaPybBPLjUrHUS/NS4Qn0fSIscsHNX+DCAZayh
zzVcMS57
=5N4D
-----END PGP SIGNATURE-----