Accepted tomcat9 9.0.31-1~deb10u8 (source) into oldstable
- To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
- Subject: Accepted tomcat9 9.0.31-1~deb10u8 (source) into oldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Wed, 05 Apr 2023 16:30:21 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: tomcat9_9.0.31-1~deb10u8_source.changes
- Debian-source: tomcat9
- Debian-suite: oldstable
- Debian-version: 9.0.31-1~deb10u8
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1pk61d-00AbOE-QS@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 5 Apr 2023 18:23:55 CEST
Source: tomcat9
Architecture: source
Version: 9.0.31-1~deb10u8
Distribution: buster-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
4e0745cd0deb07a83c50c16d4fc3d085b8615b69 2889 tomcat9_9.0.31-1~deb10u8.dsc
7e34400a97c93048dc39165b49bfe830eb9bc53c 52148 tomcat9_9.0.31-1~deb10u8.debian.tar.xz
0be296fa0a9dfb92aa9127f14e62c09692c4bed9 13782 tomcat9_9.0.31-1~deb10u8_source.buildinfo
Checksums-Sha256:
6fa6a8687541cf88fd7802a8416ba9155f1d78432207935fea3e254b5e763c4c 2889 tomcat9_9.0.31-1~deb10u8.dsc
939a6d2677ad05da3398bafef3ea5f7af22a4c8917854d70f7a56cf6edc30439 52148 tomcat9_9.0.31-1~deb10u8.debian.tar.xz
7f7b7d4c27cb9becbf7b1a7ec32c31a38ad3c1344680eba57bf5ba4d4680dcac 13782 tomcat9_9.0.31-1~deb10u8_source.buildinfo
Changes:
 tomcat9 (9.0.31-1~deb10u8) buster-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2022-42252:
     Apache Tomcat was configured to ignore invalid HTTP headers via setting
     rejectIllegalHeader to false. Tomcat did not reject a request containing an
     invalid Content-Length header making a request smuggling attack possible if
     Tomcat was located behind a reverse proxy that also failed to reject the
     request with the invalid header.
   * Fix CVE-2023-28708:
     When using the RemoteIpFilter with requests received from a reverse proxy
     via HTTP that include the X-Forwarded-Proto header set to https, session
     cookies created by Apache Tomcat did not include the secure attribute. This
     could result in the user agent transmitting the session cookie over an
     insecure channel.
Files:
ef2094506244567e3bd6260940974720 2889 java optional tomcat9_9.0.31-1~deb10u8.dsc
93c170db7c291d70f6c2bd64cb9392e1 52148 java optional tomcat9_9.0.31-1~deb10u8.debian.tar.xz
545dabae2db34c5e2f0aaf46f6610091 13782 java optional tomcat9_9.0.31-1~deb10u8_source.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----