Publishing details

• Published on 2022-03-26

Changelog

tomcat9 (9.0.31-1~deb10u6) buster-security; urgency=high

  * Team upload.
  * CVE-2021-30640: Fix NullPointerException.
    If no userRoleAttribute is specified in the user's Realm configuration its
    default value will be null. This will cause a NPE in the methods
    doFilterEscaping and doAttributeValueEscaping. This is upstream bug
    https://bz.apache.org/bugzilla/show_bug.cgi?id=65308
  * Fix CVE-2021-41079:
    Apache Tomcat did not properly validate incoming TLS packets. When Tomcat
    was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially
    crafted packet could be used to trigger an infinite loop resulting in a
    denial of service.

 -- Markus Koschany <email address hidden>  Sat, 25 Sep 2021 22:17:13 +0200

Builds

Package files

• tomcat9_9.0.31-1~deb10u6.debian.tar.xz (45.0 KiB)
• tomcat9_9.0.31-1~deb10u6.dsc (2.8 KiB)
• tomcat9_9.0.31.orig.tar.xz (3.7 MiB)