Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 18 Apr 2017 16:18:17 +0200
Source: tomcat8
Binary: tomcat8-common tomcat8 tomcat8-user libtomcat8-java 
libtomcat8-embed-java libservlet3.1-java libservlet3.1-java-doc tomcat8-admin 
tomcat8-examples tomcat8-docs
Architecture: source all
Version: 8.5.11-2~bpo8+1
Distribution: jessie-backports
Urgency: medium
Maintainer: Debian Java Maintainers 
<pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Emmanuel Bourg <ebo...@apache.org>
Description:
 libservlet3.1-java - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API 
classes
 libservlet3.1-java-doc - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java 
API documenta
 libtomcat8-embed-java - Apache Tomcat 8 - Servlet and JSP engine -- embed 
libraries
 libtomcat8-java - Apache Tomcat 8 - Servlet and JSP engine -- core libraries
 tomcat8    - Apache Tomcat 8 - Servlet and JSP engine
 tomcat8-admin - Apache Tomcat 8 - Servlet and JSP engine -- admin web 
application
 tomcat8-common - Apache Tomcat 8 - Servlet and JSP engine -- common files
 tomcat8-docs - Apache Tomcat 8 - Servlet and JSP engine -- documentation
 tomcat8-examples - Apache Tomcat 8 - Servlet and JSP engine -- example web 
applicati
 tomcat8-user - Apache Tomcat 8 - Servlet and JSP engine -- tools to create user
Closes: 860068
Changes:
 tomcat8 (8.5.11-2~bpo8+1) jessie-backports; urgency=medium
 .
   * Rebuild for jessie-backports.
 .
 tomcat8 (8.5.11-2) unstable; urgency=medium
 .
   * Team upload.
   * Fix the following security vulnerabilities (Closes: #860068):
     Thanks to Salvatore Bonaccorso for the report.
    - CVE-2017-5647:
      A bug in the handling of the pipelined requests when send file was used
      resulted in the pipelined request being lost when send file processing of
      the previous request completed. This could result in responses appearing
      to be sent for the wrong request. For example, a user agent that sent
      requests A, B and C could see the correct response for request A, the
      response for request C for request B and no response for request C.
    - CVE-2017-5648:
      It was noticed that some calls to application listeners did not use the
      appropriate facade object. When running an untrusted application under a
      SecurityManager, it was therefore possible for that untrusted application
      to retain a reference to the request or response object and thereby access
      and/or modify information associated with another web application.
    - CVE-2017-5650:
      The handling of an HTTP/2 GOAWAY frame for a connection did not close
      streams associated with that connection that were currently waiting for a
      WINDOW_UPDATE before allowing the application to write more data. These
      waiting streams each consumed a thread. A malicious client could therefore
      construct a series of HTTP/2 requests that would consume all available
      processing threads.
    - CVE-2017-5651:
      The refactoring of the HTTP connectors for 8.5.x onwards, introduced a
      regression in the send file processing. If the send file processing
      completed quickly, it was possible for the Processor to be added to the
      processor cache twice. This could result in the same Processor being used
      for multiple requests which in turn could lead to unexpected errors and/or
      response mix-up.
   *  debian/control: tomcat8: Fix Lintian error and depend on lsb-base.
Checksums-Sha1:
 3c66b3e19d99a85d7ce40ed1b6a272d39d917b63 2946 tomcat8_8.5.11-2~bpo8+1.dsc
 5cfb784b62022e7380e1c86080558272ec19f577 3306200 tomcat8_8.5.11.orig.tar.xz
 0878e3bb830425c0d31f8b42f75254e27a913dce 46192 
tomcat8_8.5.11-2~bpo8+1.debian.tar.xz
 de3870689547912ec843f2ed39ebc1ae7316a078 62694 
tomcat8-common_8.5.11-2~bpo8+1_all.deb
 35d11e7207fcb291884c1e424b1c12240970ced8 51920 tomcat8_8.5.11-2~bpo8+1_all.deb
 105f9fcb6d648ed5f92873460b63edbe194b3844 38694 
tomcat8-user_8.5.11-2~bpo8+1_all.deb
 9233f486017b67318a9a81bb6aafca2a50620528 4773300 
libtomcat8-java_8.5.11-2~bpo8+1_all.deb
 9bb3d47910e047746dac5b97b3b6af40d94c1c1b 3831792 
libtomcat8-embed-java_8.5.11-2~bpo8+1_all.deb
 6547cc17d32fe6345d38114fbf2beb1d89b8bdad 392868 
libservlet3.1-java_8.5.11-2~bpo8+1_all.deb
 1928b805da97e0325ae308afb43bc076efc0a8c0 252838 
libservlet3.1-java-doc_8.5.11-2~bpo8+1_all.deb
 8d3bc3cd4555e7243867d5afb7c3a0b9c422f4c4 33138 
tomcat8-admin_8.5.11-2~bpo8+1_all.deb
 3479916a69aae63082399a74da0289d9db7916b1 190368 
tomcat8-examples_8.5.11-2~bpo8+1_all.deb
 a10f71f3fa50ac815545a07d9327567143b09025 676068 
tomcat8-docs_8.5.11-2~bpo8+1_all.deb
Checksums-Sha256:
 43ae289887c8a0a1a7072812d5507af1b68c1c9636724c6c7fc9c4a57496e95d 2946 
tomcat8_8.5.11-2~bpo8+1.dsc
 a56fb177974572521e849400d0cb1bf8d7ddccb55dd8157fda48befaaa792774 3306200 
tomcat8_8.5.11.orig.tar.xz
 37259e9b298de6eebdac79cc4c28f5e7b207556bc229b80129fa1d7f088bf81a 46192 
tomcat8_8.5.11-2~bpo8+1.debian.tar.xz
 50fcb19e753ca1a1c8acb888c56d35e57a836130429c864545ac7f4f04f75461 62694 
tomcat8-common_8.5.11-2~bpo8+1_all.deb
 7c572dc2ff13a74ba6a78960f46e6f19c1130ff8c6ac915f0b592a2dddbd1b48 51920 
tomcat8_8.5.11-2~bpo8+1_all.deb
 8a8d0e1b123b0e20321798474b8565adde74c884f537ee4a33ae4fa132833312 38694 
tomcat8-user_8.5.11-2~bpo8+1_all.deb
 291dbabfd6f9b543fbb7352a87f45169e34d2d27b4c8fa819b11e9c359ad5362 4773300 
libtomcat8-java_8.5.11-2~bpo8+1_all.deb
 9133e8ae22ac656ffac18f3d51bd20e9a35fce1faf0dd82489deb11730abca35 3831792 
libtomcat8-embed-java_8.5.11-2~bpo8+1_all.deb
 212a77268f8c7f621f3b9e9bd61a2b302b7644a2a4d4ce45ba8fd734239c927b 392868 
libservlet3.1-java_8.5.11-2~bpo8+1_all.deb
 5666b953172194b463706ab70d2941b39648675a09699469dae5470b3ead7c9f 252838 
libservlet3.1-java-doc_8.5.11-2~bpo8+1_all.deb
 204a19fb3dc930af7239e44a6fe30b560be1d5bbbd7ec205bee3b4bddea7e338 33138 
tomcat8-admin_8.5.11-2~bpo8+1_all.deb
 0163ecaf4bdcc049df9d8a1bcb75d606b502688eb6bea83d295a01b5bc3714e3 190368 
tomcat8-examples_8.5.11-2~bpo8+1_all.deb
 ad9b163c9d5b5e6acc9793068537c75bffe44c2551b23f88bad99f385e0054d0 676068 
tomcat8-docs_8.5.11-2~bpo8+1_all.deb
Files:
 83c16c76118e1e02f7d1f30228e6cdb2 2946 java optional tomcat8_8.5.11-2~bpo8+1.dsc
 dc2ae8d3af773b5adf0e23b2e61c58a1 3306200 java optional 
tomcat8_8.5.11.orig.tar.xz
 bc760918cf8e1f127b339eeddafa4af1 46192 java optional 
tomcat8_8.5.11-2~bpo8+1.debian.tar.xz
 175b0b49764251fb26abdfe43ab9b879 62694 java optional 
tomcat8-common_8.5.11-2~bpo8+1_all.deb
 b932e51f040be8036e8ee2c02a134beb 51920 java optional 
tomcat8_8.5.11-2~bpo8+1_all.deb
 ec568cb3c09cffc774fe9b7f8f4c6552 38694 java optional 
tomcat8-user_8.5.11-2~bpo8+1_all.deb
 939f253b2d33df15c71ba7905cd4f2c7 4773300 java optional 
libtomcat8-java_8.5.11-2~bpo8+1_all.deb
 6a7746d56025605f8c0632e5b26a639c 3831792 java optional 
libtomcat8-embed-java_8.5.11-2~bpo8+1_all.deb
 2a64986cf2752eae405574d90a35f820 392868 java optional 
libservlet3.1-java_8.5.11-2~bpo8+1_all.deb
 0dc9bd265a066ece57b427e9eeacd959 252838 doc optional 
libservlet3.1-java-doc_8.5.11-2~bpo8+1_all.deb
 15e2916695baf2a4d92fd119a7578928 33138 java optional 
tomcat8-admin_8.5.11-2~bpo8+1_all.deb
 01ef3885cdc5da33a96d7bc41a445342 190368 java optional 
tomcat8-examples_8.5.11-2~bpo8+1_all.deb
 c81071950c1b9cbbb2b2131241706764 676068 doc optional 
tomcat8-docs_8.5.11-2~bpo8+1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJY9nFgAAoJEPUTxBnkudCsnG4QAKmk8Y8qSQcU3dcydeIrqqlJ
I5J+GvNUuGxAeajfoklBKId4IaKoZtfKSBQf6OfPSXNvc9Ripz8d8OxiJtoV3Vyz
Z35zy5qOC81UB/thH8qeJ8wuWJJ9V/iXI3KeK5F6ZWODo8eJS3PB08GLPSbRPH4o
FBLf2ujkyW2opB9X/8GSoG7EOnXmiL2Gdt0WP/TZQWeD3qtq/Q+dz0Lng15JtHjZ
DkKnApg4P3v8mvL4QvgctYtegJ74lVaBochK/pCI3i4LP6984GcCSBEkKQ6zsBsE
YO6/c6v5O/0EXJNJu/6pP7Fk/ao9/TewFX1EP1Vpt8Hhrie7MDJjPZKErrDa3xIH
YGuX7rtPJr0omCGBMu8WSd+O8vrSg5Bs0O2cuP6WDXo4ccVexrvDQ3TAHj6M6WW6
/cP7XXNWBMVXRyrGPw4FLxQc/EqRjoVrqIU8YZcHD/VuSx7v+vKK/iX/aQcSc1wA
FbFyfW9Os3x6T9HFTWiG88jkLQoJHhhAw39MjLpnGjx5zhktiLmMSp5Udx4fgp3n
vH0TjE9pdA3x6NEVpqJE+JoNetFY4UesUtF/KHlvKRFXFnhE3/HXxI+NEK42BY+a
+yXDUd/sYS7bMYzTG0PkJzC9bDZKKiwH4ybxRp37QqhiXdXi/KuGzBG2tLiH5nlb
W4PpodMSm+hv2lZ7GrCo
=dAf/
-----END PGP SIGNATURE-----


Thank you for your contribution to Debian.

__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Reply via email to