Accepted:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Fri, 16 Sep 2016 14:33:51 +0200 Source: tomcat8 Binary: tomcat8-common tomcat8 tomcat8-user libtomcat8-java libservlet3.1-java libservlet3.1-java-doc tomcat8-admin tomcat8-examples tomcat8-docs Architecture: source all Version: 8.0.36-3~bpo8+1 Distribution: jessie-backports Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Emmanuel Bourg <ebo...@apache.org> Description: libservlet3.1-java - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API classes libservlet3.1-java-doc - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API documenta libtomcat8-java - Apache Tomcat 8 - Servlet and JSP engine -- core libraries tomcat8 - Apache Tomcat 8 - Servlet and JSP engine tomcat8-admin - Apache Tomcat 8 - Servlet and JSP engine -- admin web application tomcat8-common - Apache Tomcat 8 - Servlet and JSP engine -- common files tomcat8-docs - Apache Tomcat 8 - Servlet and JSP engine -- documentation tomcat8-examples - Apache Tomcat 8 - Servlet and JSP engine -- example web applicati tomcat8-user - Apache Tomcat 8 - Servlet and JSP engine -- tools to create user Closes: 825786 Changes: tomcat8 (8.0.36-3~bpo8+1) jessie-backports; urgency=medium . * Rebuild for jessie-backports. . tomcat8 (8.0.36-3) unstable; urgency=high . * Team upload. * Fixed CVE-2016-1240: A flaw in the init.d startup script allows local attackers who have gained access to the server in the context of the tomcat user through a vulnerability in a web application to replace the catalina.out file with a symlink to an arbitrary file on the system, potentially leading to a root privilege escalation. Thanks to Dawid Golunski for the report. * Removed the default 128M heap limit (LP: #568823) * Depend on taglibs-standard instead of jakarta-taglibs-standard . tomcat8 (8.0.36-2) unstable; urgency=medium . * Team upload. * Do not unconditionally overwrite files in /etc/tomcat8 anymore. (Closes: #825786) * Change file permissions to 640 for Debian files in /etc/tomcat8. . tomcat8 (8.0.36-1) unstable; urgency=medium . * Team upload. * New upstream release - Refreshed the patches - Depend on libecj-java (>= 3.11.0) * Standards-Version updated to 3.9.8 (no changes) * Use a secure Vcs-Git URL Checksums-Sha1: 08ef20bf01944459554552f20dc37862a114c32a 2855 tomcat8_8.0.36-3~bpo8+1.dsc 4f20d9b1102a19801571cda0daa1373e3b4a78bd 38980 tomcat8_8.0.36-3~bpo8+1.debian.tar.xz d7b3c8bf27286f612ca71f459f11169294ebf014 57086 tomcat8-common_8.0.36-3~bpo8+1_all.deb ce1f20e3ee34869b1a7fb198e3f812d33e4ad153 46830 tomcat8_8.0.36-3~bpo8+1_all.deb 29daa1270b2e1a135324ac9803572d8997e08d3f 34580 tomcat8-user_8.0.36-3~bpo8+1_all.deb 5aab2b8ec98383da21dca30d41c337cbfc3894d5 4659016 libtomcat8-java_8.0.36-3~bpo8+1_all.deb d8634793a63732cf7934d04693844d62281dbf53 391662 libservlet3.1-java_8.0.36-3~bpo8+1_all.deb 75e84bafa6ad3961d30d9348151f06b0fe08361d 250948 libservlet3.1-java-doc_8.0.36-3~bpo8+1_all.deb ce0f7f07df0ded19956782f80263fe64f228b557 34738 tomcat8-admin_8.0.36-3~bpo8+1_all.deb e16de606acd8c63a426d247b4bdb1db74930662e 193542 tomcat8-examples_8.0.36-3~bpo8+1_all.deb 43676499b753047ec295addafab3926d8d8ba2da 745632 tomcat8-docs_8.0.36-3~bpo8+1_all.deb Checksums-Sha256: 00b19c3ae87564fcc190fe69aa9008df91704e26211468a2022cdd31831b8f11 2855 tomcat8_8.0.36-3~bpo8+1.dsc 2905e1f73b11c4ffb2753c15bb7ce8e6f094b50df4c97cec991f8d0299515e19 38980 tomcat8_8.0.36-3~bpo8+1.debian.tar.xz c49efe6ec52eaa158108bccae5b7153824e63008b96c3c8329520884f07badea 57086 tomcat8-common_8.0.36-3~bpo8+1_all.deb abf76f05a08077d7d5977c0b7900274ac1064fa73393651baa411422229c1cf9 46830 tomcat8_8.0.36-3~bpo8+1_all.deb d637af936feb6ff34dc2bbaa40a613a7ebfe7bc19fa8fc727860e2c8d29603bd 34580 tomcat8-user_8.0.36-3~bpo8+1_all.deb e789079a555dd1b37bb84070da036ce49294bae23a11036867877ae69830a8bd 4659016 libtomcat8-java_8.0.36-3~bpo8+1_all.deb ea82d1bfa3edce31abbe8021f564d70f1ae4226134bf8b476be2542832061cae 391662 libservlet3.1-java_8.0.36-3~bpo8+1_all.deb f62410c7620c63b2c026aea46af7bda3c87976e8fba61b423ea5ac9e8750a570 250948 libservlet3.1-java-doc_8.0.36-3~bpo8+1_all.deb e0c500bfbbb6fce41e8870dd985dbb002a02a56ebc7c793a68863dc3addb8afc 34738 tomcat8-admin_8.0.36-3~bpo8+1_all.deb 0e2b10d6056f0314e39882f274682824043f6ee85f32ac431c1a3510201ad222 193542 tomcat8-examples_8.0.36-3~bpo8+1_all.deb 0f3b581fd28a8e09078b3e12e7a61ff5ca304925af5dd4861b2e3b3b4eb66534 745632 tomcat8-docs_8.0.36-3~bpo8+1_all.deb Files: 01e5a824209e3f4e7eba76c74915b61c 2855 java optional tomcat8_8.0.36-3~bpo8+1.dsc 30db1238c04ba526301bf1df208fa27f 38980 java optional tomcat8_8.0.36-3~bpo8+1.debian.tar.xz 7b67c75a358c1a893915d9f1643227d5 57086 java optional tomcat8-common_8.0.36-3~bpo8+1_all.deb bce09ee1f29182c66cbe89658f215e2e 46830 java optional tomcat8_8.0.36-3~bpo8+1_all.deb dcfc5121d5ad067d489172361b133eff 34580 java optional tomcat8-user_8.0.36-3~bpo8+1_all.deb b3964b74c92f68f49e2d927e9a1909aa 4659016 java optional libtomcat8-java_8.0.36-3~bpo8+1_all.deb 9292452d4a2f28ec2b355d3548eb4178 391662 java optional libservlet3.1-java_8.0.36-3~bpo8+1_all.deb 9b8e5083c2edf7124242052cef40794b 250948 doc optional libservlet3.1-java-doc_8.0.36-3~bpo8+1_all.deb fb92d2d00820dd1be6b9b3f8858cdae8 34738 java optional tomcat8-admin_8.0.36-3~bpo8+1_all.deb 42ad4bdf5f588fa8786dc19e84787b55 193542 java optional tomcat8-examples_8.0.36-3~bpo8+1_all.deb b26e2d4c8f4d05b4a05ef3ced1decbf9 745632 doc optional tomcat8-docs_8.0.36-3~bpo8+1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJX2+emAAoJEPUTxBnkudCsz9gQAKbF5lvQc1qJMFqFqB2EdnCu rn4zR83WB0K4BBsK/Oh5HMVrPP+QLk+ncYVBPKUAUy+gCYipTNELzwuCbt5L1hMX HL9RIHVYx4W+uw+Zx0/LAVTJi9lgA61xpAU/CrAMsQeqGwTY4WuaOH6LlJKmQVVE RjAOJYowpNM6fBS6UX+3NpUh2lvJ+ne0uGxHzZXDSd2SlyM3br9b5lA2Xvzed/GP nvI1Q2K8aetoPgT7mvDMhlHlVfmqk9LYvzj/kfYazeW3DGow7BUYx94RKEo2hnWv RMfdDQRJPqakVwfhHOBMjTMpKQEsaRgigX/4ti/5nn+TyFlayWHbizrE/4WK5BEy Znk9lwKVN2SdAXPgcAbUPVJWivce3PvkhLwqyiBxMLPX71RXFPWxl25mJgyAJtoX 1n9nn+PgsUnUMk3VGio2zZkcWuJDwP1i0kfIS1yv96ioN77rXZaTv2gjwoBZiHsH dm48uS5XF6AxVTtOz5q/wZGWcDJn24sVBlx2xu6zn7GdV9+aa7vOxdIkCdlQdCvg eb+N+y+XNiECikyOOooCsqeD6XUCynishJQWpk/p1ePl96fgNyki+Txqm+uQsECZ 9/CUuiL/IcSFC/xTvOooDQ3smSLEoX7gef2Xvt0DsbTE5UlPofUCgl4ImtSv22Ti Kb+wppZI+QZg3ZwADaBb =4m2Q -----END PGP SIGNATURE----- Thank you for your contribution to Debian. __ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.