Accepted tomcat9 9.0.31-1~deb10u11 (source) into oldoldstable
- To: debian-lts-changes@lists.debian.org, dispatch@tracker.debian.org
- Subject: Accepted tomcat9 9.0.31-1~deb10u11 (source) into oldoldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Thu, 04 Jan 2024 23:40:20 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: tomcat9_9.0.31-1~deb10u11_source.changes
- Debian-source: tomcat9
- Debian-suite: oldoldstable
- Debian-version: 9.0.31-1~deb10u11
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.seger; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=pYQOHhFCcK5bYZMq45NCLqVn832PHk6MU4NqtFlbIqs=; b=b1Z6KBzL8w0/1w+KnQZksaSOcN FPa4EdKir7QbYZfT9VOphw31oRDwGk96xmsO7TUJbtzWizjC/dKABPpPuBNcJl4SAtHzftRJ4gGYB BvUYFfPCQOqRRn7fDym5f0JDdlCT3sGVPFe01DXHkK09/EB38knIdoJy60j91NZ0tNLCInCjrpVck cm2xi/jSJWTLNY03YwPE6VqMgRV5x43eDiWzZnPVj7xM/G2/I39dv/Hh9Iz3xzBifFsiG9H8Kv/Wn MbHwcNoLWoyRt8R/CWtqybdY54EwDWNYINsvrKikhLgzrFklNx3NT6ZsDSdYI1nl5gfI9esKo953D dOU/7oaw==;
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1rLXK0-004AVm-9W@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 04 Jan 2024 21:53:23 +0000
Source: tomcat9
Architecture: source
Version: 9.0.31-1~deb10u11
Distribution: buster-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1057082
Changes:
tomcat9 (9.0.31-1~deb10u11) buster-security; urgency=high
.
* Team upload
* Fix CVE-2023-46589 (Closes: #1057082):
An Improper Input Validation vulnerability was found. Tomcat
did not correctly parse HTTP trailer headers. A trailer
header that exceeded the header size limit could cause Tomcat
to treat a single request as multiple requests leading
to the possibility of request smuggling when behind a reverse proxy.
Checksums-Sha1:
81f1e18509dc1c11cd949ba0cf475052f61f3209 2767 tomcat9_9.0.31-1~deb10u11.dsc
fc1be178e650d962ae1a2bd0e10f20be9b42be7c 66556 tomcat9_9.0.31-1~deb10u11.debian.tar.xz
feed30f47a59097b1ff1ab12659f2fcebb5cf95b 14058 tomcat9_9.0.31-1~deb10u11_amd64.buildinfo
Checksums-Sha256:
dd2648ea8c85e61d02b56a2b94b94797876f7a89cbadb3ccb1f2a8ac4eeda51a 2767 tomcat9_9.0.31-1~deb10u11.dsc
0099dc5cb5fce715c3887e86a6f9a5bafbdd2289d5e110ee955aab31419b44e6 66556 tomcat9_9.0.31-1~deb10u11.debian.tar.xz
468e5b9e397c205b1cd7b52125f1cffc76925e58192745591512e2eea5930920 14058 tomcat9_9.0.31-1~deb10u11_amd64.buildinfo
Files:
17febc46eb537f9155d499bae53d2406 2767 java optional tomcat9_9.0.31-1~deb10u11.dsc
287f6d6be7baa5f0b0ff6859822693d7 66556 java optional tomcat9_9.0.31-1~deb10u11.debian.tar.xz
4a16d44daec0cd26d01c552e5ae327b9 14058 java optional tomcat9_9.0.31-1~deb10u11_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmWXPw8RHHJvdWNhQGRl
Ymlhbi5vcmcACgkQADoaLapBCF9oARAApeMFhpEYnxAH+ZTrF5VCNdXt3QnCCLMo
BkKlVjWbXIyy9+akSVi3BVNip55HqObTH/HDqa9ZCdn8A7YgecYv2QxxxWmFGcX+
MWdXyTeMIVRgeP2bWBQaG1AMoZ/KvQhftbhNqFfJzxsnS5/Ex7NzdQ29INx5O5SW
El/AYwO92lAWsOsL/rjGrnDCxadTbHbukf2bK/oYvsbkmv8I1l83fPNyRM/blIsr
JeWHwDLGg7OpLRrPw1VzznXl2RPk81r4uM+P4n3b+I1TEORcJ0iRRz6bdY323hWH
Bxxermu13P4TfirvOBHmlv0E9NZRtj53eoe1FMemdwJFrN/q9lwQMOfs/pS7jfdj
nsSuz4xUbIub41XLeUYj9JM7T3bbP6mhNIJrKPgp3x8+quryaWsfZL4I6P0dsLMy
6uovpnO7QqS5JUsrBPXdhwYWphTxcUzG88wZTJjO9Pc0foes9jgwidTEvYAcS9jQ
Pg+Ianv+MQGJtdSI7ISCYdhIzIwM7PStXbkHBmAG4hBKQ8kevdY6mtsOsl36eb+M
pNPDbQS1uXwXCS2gnyxohtxaxc3u7zgS10DTRjFuuw7zymgthXN845CPs5iPdpXp
O1avhP07NxksgsNvhfkRT0asaQXRkUTOKIg1xa6cDC82A+UrZG+Nfxi1/X/DMWxE
UMA1gUof4bk=
=I187
-----END PGP SIGNATURE-----