Back to tomcat8 PTS page

Accepted tomcat8 8.0.14-1+deb8u12 (source all) into oldstable

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted tomcat8 8.0.14-1+deb8u12 (source all) into oldstable
From: roberto@debian.org (Roberto C. Sanchez)
Date: Sun, 29 Jul 2018 06:20:33 +0000
Mail-followup-to: debian-lts@lists.debian.org
Message-id: <E1fjf4D-0004Yc-UK@seger.debian.org>
Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 22 Jul 2018 23:07:52 -0400
Source: tomcat8
Binary: tomcat8-common tomcat8 tomcat8-user libtomcat8-java libservlet3.1-java libservlet3.1-java-doc tomcat8-admin tomcat8-examples tomcat8-docs
Architecture: source all
Version: 8.0.14-1+deb8u12
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Roberto C. Sanchez <roberto@debian.org>
Description:
 libservlet3.1-java - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API classes
 libservlet3.1-java-doc - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API documenta
 libtomcat8-java - Apache Tomcat 8 - Servlet and JSP engine -- core libraries
 tomcat8    - Apache Tomcat 8 - Servlet and JSP engine
 tomcat8-admin - Apache Tomcat 8 - Servlet and JSP engine -- admin web application
 tomcat8-common - Apache Tomcat 8 - Servlet and JSP engine -- common files
 tomcat8-docs - Apache Tomcat 8 - Servlet and JSP engine -- documentation
 tomcat8-examples - Apache Tomcat 8 - Servlet and JSP engine -- example web applicati
 tomcat8-user - Apache Tomcat 8 - Servlet and JSP engine -- tools to create user
Closes: 802312
Changes:
 tomcat8 (8.0.14-1+deb8u12) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * Refreshed the expired SSL certificates used by the tests
   * Fix CVE-2018-1304:
     The URL pattern of "" (the empty string) which exactly maps to the context
     root was not correctly handled when used as part of a security constraint
     definition. This caused the constraint to be ignored. It was, therefore,
     possible for unauthorised users to gain access to web application
     resources that should have been protected. Only security constraints with
     a URL pattern of the empty string were affected. (Closes: #802312)
   * Fix CVE-2018-1305:
     Security constraints defined by annotations of Servlets were only applied
     once a Servlet had been loaded. Because security constraints defined in
     this way apply to the URL pattern and any URLs below that point, it was
     possible - depending on the order Servlets were loaded - for some security
     constraints not to be applied. This could have exposed resources to users
     who were not authorised to access them. (Closes: #802312)
Checksums-Sha1:
 95157d89b535319beeffe0585027e93efc56bcaa 2891 tomcat8_8.0.14-1+deb8u12.dsc
 ef69d65587de8804f09af3eaddcf6090980bb4a0 81512 tomcat8_8.0.14-1+deb8u12.debian.tar.xz
 578747f921860224294d656a4cc142830eed7fec 59154 tomcat8-common_8.0.14-1+deb8u12_all.deb
 a6bf2c9e70bdcb22864cb72458e724483afb7b7b 48620 tomcat8_8.0.14-1+deb8u12_all.deb
 592fa6110b851217033a8cbdd6c75ad059628e98 36242 tomcat8-user_8.0.14-1+deb8u12_all.deb
 418cae3425c594d4ec771d321d945f3b85e5be23 4592694 libtomcat8-java_8.0.14-1+deb8u12_all.deb
 c2eabf42e7d4803f30d1a22c3dbd4c2a0bef5255 393588 libservlet3.1-java_8.0.14-1+deb8u12_all.deb
 189f6c8e45f03d6052f53e078bc11995db1b525f 248676 libservlet3.1-java-doc_8.0.14-1+deb8u12_all.deb
 163ff9d1317da7b1d530527b216baf2402f0ac7e 37562 tomcat8-admin_8.0.14-1+deb8u12_all.deb
 bb53e2b9ca7c2a313bb4c629772c74f62a227cfe 195376 tomcat8-examples_8.0.14-1+deb8u12_all.deb
 300f9c25f48e159a690077b71625834587dbdcdc 689826 tomcat8-docs_8.0.14-1+deb8u12_all.deb
Checksums-Sha256:
 c4ba7e104215e5e4da8b285f6c145479b90d67f2f5096368afa9ad994d360fba 2891 tomcat8_8.0.14-1+deb8u12.dsc
 ce3326c601ca4b17d34c47c989804ce64ec61cccabbff86355ef806e8bada429 81512 tomcat8_8.0.14-1+deb8u12.debian.tar.xz
 979428e6b80347bf3b85d4d8798aa51328de11c23f590ec1cb7b1e39e0fd9ef7 59154 tomcat8-common_8.0.14-1+deb8u12_all.deb
 79c922be06c36478d3fd7ddf9c2d4fcbf5be4c78e7365e302c6e3adcdb7d8fad 48620 tomcat8_8.0.14-1+deb8u12_all.deb
 14d0693d85cc9942421566aa429a2a2736a0d9e388b06417b70cd55a0cdbb0fa 36242 tomcat8-user_8.0.14-1+deb8u12_all.deb
 a9363f9d67a2b000703ce270506cd711934f622c5c3f3029981ba18820e29eaa 4592694 libtomcat8-java_8.0.14-1+deb8u12_all.deb
 7ae2fa432f2baa90b3e270cd8c8a0c15aa707bb50aff48ee99091d4efa7cdaa8 393588 libservlet3.1-java_8.0.14-1+deb8u12_all.deb
 665fa28eafacb89d61971f6154e141da79a025c34ceb49f841a31b56e7830fb6 248676 libservlet3.1-java-doc_8.0.14-1+deb8u12_all.deb
 311b34cac98abfed228d7d088b592dfcb01389c05397640e9db68d2783fde731 37562 tomcat8-admin_8.0.14-1+deb8u12_all.deb
 fd06c0d8ab2ddefae9054f8da6f92a056db33a2fbf1d893e2144b5ec27660011 195376 tomcat8-examples_8.0.14-1+deb8u12_all.deb
 7f54baeeaca31bd60eb4b9477b23f20a29e35a404ae2019b711d435c01d6a097 689826 tomcat8-docs_8.0.14-1+deb8u12_all.deb
Files:
 cd573dc9c208d57de05508cc03900fe0 2891 java optional tomcat8_8.0.14-1+deb8u12.dsc
 f93ed485bdfb18f5a6f1f4fdd3566e86 81512 java optional tomcat8_8.0.14-1+deb8u12.debian.tar.xz
 8b8d8a37cbe3e5dc21fc47cb29e28878 59154 java optional tomcat8-common_8.0.14-1+deb8u12_all.deb
 7fff71a2b6bc916a16c15de949943f4c 48620 java optional tomcat8_8.0.14-1+deb8u12_all.deb
 90440d13662da501a42f89c73e37d6e7 36242 java optional tomcat8-user_8.0.14-1+deb8u12_all.deb
 761062cc57b0f0fe323ae24c2102106f 4592694 java optional libtomcat8-java_8.0.14-1+deb8u12_all.deb
 587e60208676526305d77a612a3eb9ef 393588 java optional libservlet3.1-java_8.0.14-1+deb8u12_all.deb
 91f8e0e07f4c02aeaa7c59a77565554c 248676 doc optional libservlet3.1-java-doc_8.0.14-1+deb8u12_all.deb
 48b3300e9f0d35557bf0a65d60a28e51 37562 java optional tomcat8-admin_8.0.14-1+deb8u12_all.deb
 6500f4b1c1ba706716417ee6e338b50d 195376 java optional tomcat8-examples_8.0.14-1+deb8u12_all.deb
 960428f85fb68a316aff381c2c15695c 689826 doc optional tomcat8-docs_8.0.14-1+deb8u12_all.deb

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEE5Qr9Va3SequXFjqLIdIFiZdLPpYFAltdV/wUHHRtYW5jaWxs
QGRlYmlhbi5vcmcACgkQIdIFiZdLPpb2vRAAwzXxX3GHqjryF78LRp48+9ZXrbOk
L1LvCkFB0TiQ6O/5v0ws07ji6n29Q/4vGPXTCj77C1iLtN7FuBMmthOOEZ4Jn2aM
F9dM1X2awcLmTZmTiFqG1gtpsIUeZIUl7aocisHlMqYhj0hlQfYRCufMY6jIMaMt
xnZ3rQFKB/grMzzGgly16vZklrflrYn6OLUsL0t4wjrn4MU6o2yhs3pgbmGF0cVy
Twe+zxFUuYHxt+l1VnTwJtfUNKzm0YR3UuBCewL3QvOLomNGuHOI7ADh1oamAvId
FG+JZCLpsqtTpviVK4CIrNcDmHp8IMKq9E7hBrer9bOCZA+nCJcz9K1zoAUiYcCP
f1D4lvcyNqqcFaeo57XWcjmlnfsmAR7hSAAxB8vwBpCfJaK+kinRQIuSvirbriBn
L+6wRnEXoaKDFFLpRqIuSa9Xk4I7RBbeKdGJs8N+EkrhO9DF5G9dB89BHvrfoKU4
4AN8eudX+IoDMvnGeqVyk3FQGQ8JKFjd0DWyM0JMmGCqkhLTwVPXB2bIF3PmNW6E
iijRQYtxJZNIngxQIlXaUcwrdYT77AvaNQlF9/spmTyZUecRCP4VagiEj3BQz6/m
d7iqYTaqcXj/vVeE2dfC9YwAaToWS2uFXsYHuc0Uec26X24o/u8kDh34UZzBoOoT
IsL1wtkHF1RHgR0=
=szQo
-----END PGP SIGNATURE-----