Accepted:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 15 Aug 2016 17:38:02 +0200 Source: tomcat8 Binary: tomcat8-common tomcat8 tomcat8-user libtomcat8-java libservlet3.1-java libservlet3.1-java-doc tomcat8-admin tomcat8-examples tomcat8-docs Architecture: source all Version: 8.0.14-1+deb8u3 Distribution: jessie-security Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Markus Koschany <a...@debian.org> Description: libservlet3.1-java - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API classes libservlet3.1-java-doc - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API documenta libtomcat8-java - Apache Tomcat 8 - Servlet and JSP engine -- core libraries tomcat8 - Apache Tomcat 8 - Servlet and JSP engine tomcat8-admin - Apache Tomcat 8 - Servlet and JSP engine -- admin web application tomcat8-common - Apache Tomcat 8 - Servlet and JSP engine -- common files tomcat8-docs - Apache Tomcat 8 - Servlet and JSP engine -- documentation tomcat8-examples - Apache Tomcat 8 - Servlet and JSP engine -- example web applicati tomcat8-user - Apache Tomcat 8 - Servlet and JSP engine -- tools to create user Closes: 825786 Changes: tomcat8 (8.0.14-1+deb8u3) jessie-security; urgency=high . * Team upload. * Fix CVE-2016-1240: tomcat8.init: Protect /var/lib/tomcat8/catalina.out against a symlink attack and possible root privilege escalation. * Do not unconditionally overwrite files in /etc/tomcat8 anymore. (Closes: #825786) * Change file permissions to 640 for Debian files in /etc/tomcat8. Checksums-Sha1: b787a4d3a0c753e8aea7a0ee076ef7e4b5e783ed 2974 tomcat8_8.0.14-1+deb8u3.dsc f7df627b8810332dc14d38a03b6443e31b1d4f21 51488 tomcat8_8.0.14-1+deb8u3.debian.tar.xz a2b66307cd6c5dbf4e62e948e0033e25b658c9e4 55928 tomcat8-common_8.0.14-1+deb8u3_all.deb 8a6fd07a7d310ff07711ff62c8a4702bc4c2ca20 45616 tomcat8_8.0.14-1+deb8u3_all.deb 9890ac75ef2fe685280a9177ac48128cb7ef918c 33036 tomcat8-user_8.0.14-1+deb8u3_all.deb c482cd85082d0e0d7303db3728fff941e242f3ae 4584010 libtomcat8-java_8.0.14-1+deb8u3_all.deb a0b2dbd8c0570cb5852c92a68a687f544e15994d 390484 libservlet3.1-java_8.0.14-1+deb8u3_all.deb d734769ae0f2b7b822a245905e8a89b65296f36e 245194 libservlet3.1-java-doc_8.0.14-1+deb8u3_all.deb 2148b3de85a4a7287a0538a2651c3c2874a0ba1f 34470 tomcat8-admin_8.0.14-1+deb8u3_all.deb 724d55a85d02c7ce3fc3371935301f0b60084d5f 192324 tomcat8-examples_8.0.14-1+deb8u3_all.deb db7b703b7eb73470452fb5426006680ea74d5b43 687728 tomcat8-docs_8.0.14-1+deb8u3_all.deb Checksums-Sha256: 4cc035fb7c90af3a32fbfe442a38b3156ca4564309c78d10e0c0022413275563 2974 tomcat8_8.0.14-1+deb8u3.dsc 30460d122d7562609f449e5571365552024961fe9ed853691ee57da76c85b650 51488 tomcat8_8.0.14-1+deb8u3.debian.tar.xz 212cfcf2c0a16f978df53ccd8c2bf24886bc811df26c3e1f613d3e1f9f967b72 55928 tomcat8-common_8.0.14-1+deb8u3_all.deb 2a0579e342c8e3529dc875598a991249cf567bb3876b9c222edbd998aa1f5438 45616 tomcat8_8.0.14-1+deb8u3_all.deb bbc11c9caa712a6c1c7d4deeee2f6f4bb47d9e5d72c1a4978a89628ba76769cf 33036 tomcat8-user_8.0.14-1+deb8u3_all.deb 9553262c98ac0506ff6bb5f48db8b252aa9c28bfdb38c0bdd395fd8920dfe874 4584010 libtomcat8-java_8.0.14-1+deb8u3_all.deb a0260c64d1dabe60a60c2cc0147e7393dd8762e02db584776cb0b0495ffa1f9d 390484 libservlet3.1-java_8.0.14-1+deb8u3_all.deb d4a3b7b7c02950d4053b827b5a09f44fd6c3cb7a33b056ef346e202eeac2f59f 245194 libservlet3.1-java-doc_8.0.14-1+deb8u3_all.deb 1ddb4b0c4877913c1eb43fe2d135121f68cd74ecf922bbf933a4afda1c8e660f 34470 tomcat8-admin_8.0.14-1+deb8u3_all.deb 2ebb6c2083a2f9f6f3a2b891035b2f9e51cb1300e18703581f3e7dd0f08f1d6e 192324 tomcat8-examples_8.0.14-1+deb8u3_all.deb d77db45b6e9161d54f58eb5fed93a5e0092de25da2d80ecc957a3d18185b901b 687728 tomcat8-docs_8.0.14-1+deb8u3_all.deb Files: a2aacac1bc97ad751377626a20a6644b 2974 java optional tomcat8_8.0.14-1+deb8u3.dsc 7befb3ce086ead4ff3c568079ff58378 51488 java optional tomcat8_8.0.14-1+deb8u3.debian.tar.xz 63a860b00c38c8a1292e03941f355a52 55928 java optional tomcat8-common_8.0.14-1+deb8u3_all.deb 95486ea2629b1b83558646ec9d36d1dd 45616 java optional tomcat8_8.0.14-1+deb8u3_all.deb 2ead9594f79cc4a991dda97113449a72 33036 java optional tomcat8-user_8.0.14-1+deb8u3_all.deb a40da7241683434d1a0e27a30787efa2 4584010 java optional libtomcat8-java_8.0.14-1+deb8u3_all.deb dfcc0da1fa51620eb832e666c5c160cd 390484 java optional libservlet3.1-java_8.0.14-1+deb8u3_all.deb d089da421e468826020031cdb141de7f 245194 doc optional libservlet3.1-java-doc_8.0.14-1+deb8u3_all.deb d62a27e6ee9068f6cec42259ba1aa671 34470 java optional tomcat8-admin_8.0.14-1+deb8u3_all.deb 8d8738a00e86c4b653716d56a7d07455 192324 java optional tomcat8-examples_8.0.14-1+deb8u3_all.deb 602065eb7473f89562fb3e41249e597b 687728 doc optional tomcat8-docs_8.0.14-1+deb8u3_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQJ8BAEBCgBmBQJXseY7XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQTgzNUZE OUFEMTRCOTUxM0I1MUU0AAoJENmtFLlRO1HkdWEQAJnYR8sooQDSZYSw3AFJmsIn q5vcW9GPmlt+khJ5jX9UP/DEqBno9k2h2ylCOtpk8la0b+v4T3HIDdIEi806pT2N EfkrAAb88hAcBuFUxFd8SlOnFW8UFAoiONPMGsl5MPtFgb3vvQaDC8svN/zAxxLt Ze06B2U7IZfd22z4T7NQMgMbvtXjEGcP+Lk26ekxPXgRiCyRVE+nogPW50uleKqP woPbYuCQtm6KOObUytXgpMHN+RRUIobddkfF8l63XeZRKaAqWXt2p5dmHZAjymCf F+PoWioStIpi5CnPyz6n0lSvm0tARtwiqILtrgb8VW2EBKD0WnouFPi4o4bT83AK vIEFC5sPASh96aYKVc/4H8ZxycYvZlbtVF05PebPs4Jm5/CW02O0TSSvTSFWakLO XJBn1XECiVU+DBdP0zvoqo7+SYMGEAlH4wavSiagpaaFdtrdPnOE3qzxB6gv5uUu knfuUK17fMk1G4iXCEdmv3h7cGi6VmMx+iNyK85udCm0/e4OTwxZY1yTVt2cMY25 j2TmFXX9qvCQoR1/ktFlf8w1Mg4+iomSYxkY9sUytmPpDjdYaHhuCeVBZXoUAMDf oQLeCzQXs+ZfTUsqPLweiaBFcDZjRFR6MY/cd8n/i9Z/QpaeEs9Wnw+IlebummnV vcWI5GB173/Uw9crDd8e =6qe7 -----END PGP SIGNATURE----- Thank you for your contribution to Debian. __ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.