tomcat7_7.0.56-3+deb8u10_amd64.changes ACCEPTED into proposed-updates->stable-new, proposed-updates

2017-05-27 Thread Debian FTP Masters 


Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 30 Apr 2017 21:21:29 +0200
Source: tomcat7
Binary: tomcat7-common tomcat7 tomcat7-user libtomcat7-java libservlet3.0-java 
libservlet3.0-java-doc tomcat7-admin tomcat7-examples tomcat7-docs
Architecture: source all
Version: 7.0.56-3+deb8u10
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers 

Changed-By: Markus Koschany 
Description:
 libservlet3.0-java - Servlet 3.0 and JSP 2.2 Java API classes
 libservlet3.0-java-doc - Servlet 3.0 and JSP 2.2 Java API documentation
 libtomcat7-java - Servlet and JSP engine -- core libraries
 tomcat7- Servlet and JSP engine
 tomcat7-admin - Servlet and JSP engine -- admin web applications
 tomcat7-common - Servlet and JSP engine -- common files
 tomcat7-docs - Servlet and JSP engine -- documentation
 tomcat7-examples - Servlet and JSP engine -- example web applications
 tomcat7-user - Servlet and JSP engine -- tools to create user instances
Changes:
 tomcat7 (7.0.56-3+deb8u10) jessie-security; urgency=high
 .
   * Team upload.
   * Fix the following security vulnerabilities:
- CVE-2017-5647:
  A bug in the handling of the pipelined requests when send file was used
  resulted in the pipelined request being lost when send file processing of
  the previous request completed. This could result in responses appearing
  to be sent for the wrong request. For example, a user agent that sent
  requests A, B and C could see the correct response for request A, the
  response for request C for request B and no response for request C.
- CVE-2017-5648:
  It was noticed that some calls to application listeners did not use the
  appropriate facade object. When running an untrusted application under a
  SecurityManager, it was therefore possible for that untrusted application
  to retain a reference to the request or response object and thereby access
  and/or modify information associated with another web application.
Checksums-Sha1:
 6b8961c359d7e315bc7abd7bd95f7d193ccfa0a2 2929 tomcat7_7.0.56-3+deb8u10.dsc
 89aa6331c48ec90eb353c30d5f5d546c2d6254e0 95252 
tomcat7_7.0.56-3+deb8u10.debian.tar.xz
 a497e1511c8f7096d5ac0dda76082c00590941da 64184 
tomcat7-common_7.0.56-3+deb8u10_all.deb
 dc25f43c602a4475687c072ece015c1a6d613066 53146 tomcat7_7.0.56-3+deb8u10_all.deb
 356ac728c4a920bda6dbee84c12330ff308857c3 40570 
tomcat7-user_7.0.56-3+deb8u10_all.deb
 5dbfb100838d3519c02b65db7341350fa4355590 3632734 
libtomcat7-java_7.0.56-3+deb8u10_all.deb
 b53d198b4f1094404fdf65535ed5d65ab324af05 316512 
libservlet3.0-java_7.0.56-3+deb8u10_all.deb
 075af4fa18871fc29e06f931bbf6f4b8f458ec01 206644 
libservlet3.0-java-doc_7.0.56-3+deb8u10_all.deb
 8d4152ac4f4bf32610262b55079f1650ff76256a 41560 
tomcat7-admin_7.0.56-3+deb8u10_all.deb
 92995236ab53ea7efb6d09dd90ac17e677b3fbe8 199798 
tomcat7-examples_7.0.56-3+deb8u10_all.deb
 b12d3c41ff6183be354647b6aff4a5e00088ab00 605918 
tomcat7-docs_7.0.56-3+deb8u10_all.deb
Checksums-Sha256:
 950197eee094103708968c22b41d29f9df6ef25f203c409c9ec6e157276cca82 2929 
tomcat7_7.0.56-3+deb8u10.dsc
 c5f810d1c157f9824e8777e7a4377f377232ec2417c36f4219d7244036d0df49 95252 
tomcat7_7.0.56-3+deb8u10.debian.tar.xz
 d757ad4a3430a7c2d944bb43359665e843b51e142265f07d9b59b013a0bcd7b9 64184 
tomcat7-common_7.0.56-3+deb8u10_all.deb
 659d3b29965b2d28b424da3846629f23631d842aa83109913d4cd5d13008baee 53146 
tomcat7_7.0.56-3+deb8u10_all.deb
 6b9ef016a9099dac32d910d7abb4f2f7725293c91cd37f1e786a58829b9478f7 40570 
tomcat7-user_7.0.56-3+deb8u10_all.deb
 b3dbd0f489534f8dc9a753c98000f195fb4e99b4877c9013e35ee08b838c 3632734 
libtomcat7-java_7.0.56-3+deb8u10_all.deb
 7d8d7d3cea5089b59a75f3a5a90abea6a306e8e8a00c1f04ce0664f0ad5e8eca 316512 
libservlet3.0-java_7.0.56-3+deb8u10_all.deb
 c7ef9278a4719d57e0846e0771420b3ceb643997ebd2a826650234c2ae128965 206644 
libservlet3.0-java-doc_7.0.56-3+deb8u10_all.deb
 b49cb761d762c250eb6ff0423979e1baea96438864b6f09505d7a5f9fa8c1c3d 41560 
tomcat7-admin_7.0.56-3+deb8u10_all.deb
 ecdef415b7c6fd1013a7605d83ca31943051e4d115feb7f55b68589f88aa2caf 199798 
tomcat7-examples_7.0.56-3+deb8u10_all.deb
 a4b558dd74662454c32a27616202a5a94e9f835bd660cbee2da401558fa4e77c 605918 
tomcat7-docs_7.0.56-3+deb8u10_all.deb
Files:
 5844050c3274298178d6ae169b1416b9 2929 java optional 
tomcat7_7.0.56-3+deb8u10.dsc
 81fcdbfb2a348a2077614f75953d66c4 95252 java optional 
tomcat7_7.0.56-3+deb8u10.debian.tar.xz
 b456c9c5842aea69e82f4a3e4d64a624 64184 java optional 
tomcat7-common_7.0.56-3+deb8u10_all.deb
 000caeb448ee4d37d1eddf780abe4af4 53146 java optional 
tomcat7_7.0.56-3+deb8u10_all.deb
 503c977f01684e705f0833a9ab2209d9 40570 java optional 
tomcat7-user_7.0.56-3+deb8u10_all.deb
 dedf3004639bcd8c4916623ac4500f84 3632734 java optional 
libtomcat7-java_7.0.56-3+deb8u10_all.deb
 f3bdfe7952ed0328e0ddeeb8b0cec3fc 316512 java optional

tomcat7_7.0.56-3+deb8u10_amd64.changes ACCEPTED into proposed-updates->stable-new

2017-05-03 Thread Debian FTP Masters 
Mapping stable-security to proposed-updates.

Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Sun, 30 Apr 2017 21:21:29 +0200
Source: tomcat7
Binary: tomcat7-common tomcat7 tomcat7-user libtomcat7-java libservlet3.0-java 
libservlet3.0-java-doc tomcat7-admin tomcat7-examples tomcat7-docs
Architecture: source all
Version: 7.0.56-3+deb8u10
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers 

Changed-By: Markus Koschany 
Description:
 libservlet3.0-java - Servlet 3.0 and JSP 2.2 Java API classes
 libservlet3.0-java-doc - Servlet 3.0 and JSP 2.2 Java API documentation
 libtomcat7-java - Servlet and JSP engine -- core libraries
 tomcat7- Servlet and JSP engine
 tomcat7-admin - Servlet and JSP engine -- admin web applications
 tomcat7-common - Servlet and JSP engine -- common files
 tomcat7-docs - Servlet and JSP engine -- documentation
 tomcat7-examples - Servlet and JSP engine -- example web applications
 tomcat7-user - Servlet and JSP engine -- tools to create user instances
Changes:
 tomcat7 (7.0.56-3+deb8u10) jessie-security; urgency=high
 .
   * Team upload.
   * Fix the following security vulnerabilities:
- CVE-2017-5647:
  A bug in the handling of the pipelined requests when send file was used
  resulted in the pipelined request being lost when send file processing of
  the previous request completed. This could result in responses appearing
  to be sent for the wrong request. For example, a user agent that sent
  requests A, B and C could see the correct response for request A, the
  response for request C for request B and no response for request C.
- CVE-2017-5648:
  It was noticed that some calls to application listeners did not use the
  appropriate facade object. When running an untrusted application under a
  SecurityManager, it was therefore possible for that untrusted application
  to retain a reference to the request or response object and thereby access
  and/or modify information associated with another web application.
Checksums-Sha1:
 6b8961c359d7e315bc7abd7bd95f7d193ccfa0a2 2929 tomcat7_7.0.56-3+deb8u10.dsc
 89aa6331c48ec90eb353c30d5f5d546c2d6254e0 95252 
tomcat7_7.0.56-3+deb8u10.debian.tar.xz
 a497e1511c8f7096d5ac0dda76082c00590941da 64184 
tomcat7-common_7.0.56-3+deb8u10_all.deb
 dc25f43c602a4475687c072ece015c1a6d613066 53146 tomcat7_7.0.56-3+deb8u10_all.deb
 356ac728c4a920bda6dbee84c12330ff308857c3 40570 
tomcat7-user_7.0.56-3+deb8u10_all.deb
 5dbfb100838d3519c02b65db7341350fa4355590 3632734 
libtomcat7-java_7.0.56-3+deb8u10_all.deb
 b53d198b4f1094404fdf65535ed5d65ab324af05 316512 
libservlet3.0-java_7.0.56-3+deb8u10_all.deb
 075af4fa18871fc29e06f931bbf6f4b8f458ec01 206644 
libservlet3.0-java-doc_7.0.56-3+deb8u10_all.deb
 8d4152ac4f4bf32610262b55079f1650ff76256a 41560 
tomcat7-admin_7.0.56-3+deb8u10_all.deb
 92995236ab53ea7efb6d09dd90ac17e677b3fbe8 199798 
tomcat7-examples_7.0.56-3+deb8u10_all.deb
 b12d3c41ff6183be354647b6aff4a5e00088ab00 605918 
tomcat7-docs_7.0.56-3+deb8u10_all.deb
Checksums-Sha256:
 950197eee094103708968c22b41d29f9df6ef25f203c409c9ec6e157276cca82 2929 
tomcat7_7.0.56-3+deb8u10.dsc
 c5f810d1c157f9824e8777e7a4377f377232ec2417c36f4219d7244036d0df49 95252 
tomcat7_7.0.56-3+deb8u10.debian.tar.xz
 d757ad4a3430a7c2d944bb43359665e843b51e142265f07d9b59b013a0bcd7b9 64184 
tomcat7-common_7.0.56-3+deb8u10_all.deb
 659d3b29965b2d28b424da3846629f23631d842aa83109913d4cd5d13008baee 53146 
tomcat7_7.0.56-3+deb8u10_all.deb
 6b9ef016a9099dac32d910d7abb4f2f7725293c91cd37f1e786a58829b9478f7 40570 
tomcat7-user_7.0.56-3+deb8u10_all.deb
 b3dbd0f489534f8dc9a753c98000f195fb4e99b4877c9013e35ee08b838c 3632734 
libtomcat7-java_7.0.56-3+deb8u10_all.deb
 7d8d7d3cea5089b59a75f3a5a90abea6a306e8e8a00c1f04ce0664f0ad5e8eca 316512 
libservlet3.0-java_7.0.56-3+deb8u10_all.deb
 c7ef9278a4719d57e0846e0771420b3ceb643997ebd2a826650234c2ae128965 206644 
libservlet3.0-java-doc_7.0.56-3+deb8u10_all.deb
 b49cb761d762c250eb6ff0423979e1baea96438864b6f09505d7a5f9fa8c1c3d 41560 
tomcat7-admin_7.0.56-3+deb8u10_all.deb
 ecdef415b7c6fd1013a7605d83ca31943051e4d115feb7f55b68589f88aa2caf 199798 
tomcat7-examples_7.0.56-3+deb8u10_all.deb
 a4b558dd74662454c32a27616202a5a94e9f835bd660cbee2da401558fa4e77c 605918 
tomcat7-docs_7.0.56-3+deb8u10_all.deb
Files:
 5844050c3274298178d6ae169b1416b9 2929 java optional 
tomcat7_7.0.56-3+deb8u10.dsc
 81fcdbfb2a348a2077614f75953d66c4 95252 java optional 
tomcat7_7.0.56-3+deb8u10.debian.tar.xz
 b456c9c5842aea69e82f4a3e4d64a624 64184 java optional 
tomcat7-common_7.0.56-3+deb8u10_all.deb
 000caeb448ee4d37d1eddf780abe4af4 53146 java optional 
tomcat7_7.0.56-3+deb8u10_all.deb
 503c977f01684e705f0833a9ab2209d9 40570 java optional 
tomcat7-user_7.0.56-3+deb8u10_all.deb
 dedf3004639bcd8c4916623ac4500f84 3632734 java optional 
libtomcat7-java_7.0.56-3+deb8u10_all.deb
 f3bdfe7952ed0328e0ddeeb8b0cec3fc 316512 java