-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : tomcat7 Version : 7.0.28-4+deb7u11 CVE ID : CVE-2017-6056 Debian Bug : 854551
The update for tomcat7 issued as DLA-823-1 caused that the server could return HTTP 400 errors under certain circumstances. Updated packages are now available to correct this issue. For reference, the original advisory text follows. It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. For Debian 7 "Wheezy", these problems have been fixed in version 7.0.28-4+deb7u11. We recommend that you upgrade your tomcat7 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlit7A5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeR+rRAAymnmAypHH5iJ4B4Gqksi0fJ26ndbDq+3XWGXfQk+2j+FrKOIT/94+mqH PxE2AS5vqWRkunP8fcMQxaNtosq1DL6E1NzMyUBNqqw+T2/XJEK9J+aBmqc6MnKD SVwxQqMEpc7J70MhgEdrXORrDhIWnqLACTGjX8GnAE3Mf7wspPsCXtXtTHAcWqhR UJfVI8WKy86DOm0+OI1oiI2Yg339dRy+EKmdtYP8IEFL8uqrTKyQtu+yU7dNZrAm FYKLAhZmIDIReTLhoPikNMnW0+Hln5mhPSXXnhIjX3nmiVgw2oTRMvFmHBVEYWFB 8X0akqHIeLD3yFrlQkr/QS8pDZTuyRLjF5nuqHzPPrhTFLcRkfleCiZR5Nd4qg46 BXmxj0xg8khm3MOWJTR9YoUSdvq0wGk4GJqO4d3dx9UEFXptkjfpjMRT6/+lpmkn cvo01EBhaLdCn8Eqqezn0Ec089Dqf8mpoBOOX7lBA8dODMWt3G9NjBOVWTYCx6ze obZ0FK5vYm7yu6QZdH3iR8cje2SHNV7ipJCjAYKDykd2k7YcUhkcmUvsjdLqR6oo f1FZwWMAN1B4jZV1bExkU3DnxyPLHHZw63aaEgH+z8xOET1WcpZj+jpQNECpIhD2 yaJ4nufML5fcCDVPbvrtpqJOB8VldSAwNok53ZAyLBkPN48p6aM= =Vybi -----END PGP SIGNATURE-----
