Publishing details
Changelog
tomcat9 (9.0.31-1~deb10u6) buster-security; urgency=high
* Team upload.
* CVE-2021-30640: Fix NullPointerException.
If no userRoleAttribute is specified in the user's Realm configuration its
default value will be null. This will cause a NPE in the methods
doFilterEscaping and doAttributeValueEscaping. This is upstream bug
https://bz.apache.org/bugzilla/show_bug.cgi?id=65308
* Fix CVE-2021-41079:
Apache Tomcat did not properly validate incoming TLS packets. When Tomcat
was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially
crafted packet could be used to trigger an infinite loop resulting in a
denial of service.
-- Markus Koschany <email address hidden> Sat, 25 Sep 2021 22:17:13 +0200
Builds
Package files