Accepted tomcat8 8.0.14-1+deb8u14 (source all) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 15 Oct 2018 14:03:25 +0200
Source: tomcat8
Binary: tomcat8-common tomcat8 tomcat8-user libtomcat8-java libservlet3.1-java libservlet3.1-java-doc tomcat8-admin tomcat8-examples tomcat8-docs
Architecture: source all
Version: 8.0.14-1+deb8u14
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
libservlet3.1-java - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API classes
libservlet3.1-java-doc - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API documenta
libtomcat8-java - Apache Tomcat 8 - Servlet and JSP engine -- core libraries
tomcat8 - Apache Tomcat 8 - Servlet and JSP engine
tomcat8-admin - Apache Tomcat 8 - Servlet and JSP engine -- admin web application
tomcat8-common - Apache Tomcat 8 - Servlet and JSP engine -- common files
tomcat8-docs - Apache Tomcat 8 - Servlet and JSP engine -- documentation
tomcat8-examples - Apache Tomcat 8 - Servlet and JSP engine -- example web applicati
tomcat8-user - Apache Tomcat 8 - Servlet and JSP engine -- tools to create user
Changes:
tomcat8 (8.0.14-1+deb8u14) jessie-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Fix CVE-2018-11784:
Sergey Bobrov discovered that when the default servlet returned a redirect
to a directory (e.g. redirecting to /foo/ when the user requested /foo) a
specially crafted URL could be used to cause the redirect to be generated
to any URI of the attackers choice.
Checksums-Sha1:
483bd2b2c0b26b9d4aaba5b973cb6f04f02ac0be 3013 tomcat8_8.0.14-1+deb8u14.dsc
386cde1ba24e2b35b910dff32d9cc3ab7f8195ed 83496 tomcat8_8.0.14-1+deb8u14.debian.tar.xz
e5cedf46b9ec9180944a4eec0a9282412aac0214 59290 tomcat8-common_8.0.14-1+deb8u14_all.deb
64a1525eb33f8c478560c109558f1c8ce59db2c3 48936 tomcat8_8.0.14-1+deb8u14_all.deb
f93d431280b9752ee58ffdc776dba62fe830bb0b 36376 tomcat8-user_8.0.14-1+deb8u14_all.deb
9dd8db299c38f5dd1411751e18e048ec29c35e6a 4593594 libtomcat8-java_8.0.14-1+deb8u14_all.deb
fc9cda1b97edb504d8d21cb76772f38bb23afe70 393962 libservlet3.1-java_8.0.14-1+deb8u14_all.deb
8a54097693c6625fe33576bc73f834dc9c8bfc5a 249606 libservlet3.1-java-doc_8.0.14-1+deb8u14_all.deb
f0fca34ff7506ceb84c8f9a676154af9a4dfd9d0 37742 tomcat8-admin_8.0.14-1+deb8u14_all.deb
c622c2a7e6398fe5153fb7e53947204d78a785d9 195998 tomcat8-examples_8.0.14-1+deb8u14_all.deb
8dd5a377f9c682ea50c34ade4973779299a21173 691472 tomcat8-docs_8.0.14-1+deb8u14_all.deb
Checksums-Sha256:
e2c2423481bd85e92aa36fba817c30ece577ebc18eb6979e9401a2934ea1c532 3013 tomcat8_8.0.14-1+deb8u14.dsc
442f04ad5ee3f95bd45f9dbd5150abd27700514b11c437ab9cf2384ae6da395f 83496 tomcat8_8.0.14-1+deb8u14.debian.tar.xz
dc7a757ef96de370dcff43665cfdbf484be76fe9b7105ccd9b2c27e5760897f3 59290 tomcat8-common_8.0.14-1+deb8u14_all.deb
1c829d3de94ad175f5a2ebb5d5340eb73cce9f7dc265ff6b13c1683e818f2f73 48936 tomcat8_8.0.14-1+deb8u14_all.deb
a024135f3d7bfb0c24b942ab27d97398fd6494f6ee0481d910f348fd75153cd0 36376 tomcat8-user_8.0.14-1+deb8u14_all.deb
e50f8a639c4ea95cfa531fa4b71d882543c4364f3f5e72e4e9842a7c5c202c7d 4593594 libtomcat8-java_8.0.14-1+deb8u14_all.deb
0fc511340e82e1a020681cdb0cf096d911c4cd8ed124c0e716e2dc7699c31a4b 393962 libservlet3.1-java_8.0.14-1+deb8u14_all.deb
ef139eb546bddc4368190d890a90d867e62e94bf0a26d434c636b4add794486c 249606 libservlet3.1-java-doc_8.0.14-1+deb8u14_all.deb
e0871b7c740d51c4f1501013d7dc0e7d105d8a3c30e676a51c81abc077b3ba8f 37742 tomcat8-admin_8.0.14-1+deb8u14_all.deb
063a2970950c7c135a210a9ac818fc579ad05e986fec3515d6ad1c658af65357 195998 tomcat8-examples_8.0.14-1+deb8u14_all.deb
822a137d052ebc85127f73d70b5d1b93451d95b6ca6628afd373cf5d0c2a4b32 691472 tomcat8-docs_8.0.14-1+deb8u14_all.deb
Files:
71c81dd1bfa3cf6e2e4152dfb2509e48 3013 java optional tomcat8_8.0.14-1+deb8u14.dsc
d43a3a875d44d7c09fd65cc232c33e85 83496 java optional tomcat8_8.0.14-1+deb8u14.debian.tar.xz
58cb5a3f4978cc2fa46d786f0de4a1a8 59290 java optional tomcat8-common_8.0.14-1+deb8u14_all.deb
6e50478115aa2b0ec6cf1f1325737fc0 48936 java optional tomcat8_8.0.14-1+deb8u14_all.deb
d7b461f9384d6394d6b8387c7639dc50 36376 java optional tomcat8-user_8.0.14-1+deb8u14_all.deb
49fdd2fdf18af38885aef5d71ede9c07 4593594 java optional libtomcat8-java_8.0.14-1+deb8u14_all.deb
57c90210da0d50df98d2378d9ff5765a 393962 java optional libservlet3.1-java_8.0.14-1+deb8u14_all.deb
0a15081777f61963f71c6472b42c1492 249606 doc optional libservlet3.1-java-doc_8.0.14-1+deb8u14_all.deb
a9fdad03f03b8f1aad3e7b819e7a0865 37742 java optional tomcat8-admin_8.0.14-1+deb8u14_all.deb
bab2fca7699716779adbb0afdc824543 195998 java optional tomcat8-examples_8.0.14-1+deb8u14_all.deb
4a15fcfe0b317103e6d9a62c55f1a1fc 691472 doc optional tomcat8-docs_8.0.14-1+deb8u14_all.deb
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlvEr+lfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hkb0cQALd2kVAWwEpPNGbv2Aw5mGsyA9kcINcHnea9
E806Asv/U4qMEoQwZBrRb+QzwDTcRCCEKs4Hhqjv6PcVkCstbe+QlNHM26x7owIs
ZKF08KOtKUP1aSb00wN0EhQlRn0vK3VUP4w6Dur8AkRAw+1QUSxMdAfZchYgB2mF
KmTvPSEsD45FDPFgXVYxi/jstsh9sZKbdyV2/FCQxbVlLeFVpyHWLzMiwITA+/6c
L7h4uVVQrdVHUAdm2cdMVvP8ZF/61vexjXsH65h2DEFNyoNfdNP7gMQ5s99KlIFw
WPWwZQiLygzNLqTYZD5gG/ppRoMGMEnGsIWB8KaYbzwTv1GtiL5NyZNF85XVT0OU
4Hk/HC6mOYRx+o9LYjUysx0StvaYf8YWxnFGTv+5mlIaMbuCj3pNH9S7IyMZQ+1A
uP3bFSnVqm3auVcgaEBjvIaV6RfIFpEbPKNZb++5Sy8Bpc/vl6aEVR1b+zY0y4X+
FB3Kld2YdDXy2PWbOKlWrTwDD3Sffh/dN88OnXfIvVOBgc/v4jEjg9zsq9ag7vzj
1j01369etKLn8y8R7o30dWHJpypFlebZYB02srQz3RJcivdJTRE8r4CvnMA2aCrO
Pl7daLLCkK76SR6qwW9uYgJwiVvnSA6tAgwIaDMyy3BVn1rHbRR6jEoCjcrnbdpx
pa0A+KmV
=+W6j
-----END PGP SIGNATURE-----