tomcat9 9.0.31-1~deb10u5 source package in Debian

Changelog

tomcat9 (9.0.31-1~deb10u5) buster-security; urgency=high

  * Team upload.
  * Fix CVE-2021-30640:
    A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to
    authenticate using variations of a valid user name and/or to bypass some of
    the protection provided by the LockOut Realm.
  * Fix CVE-2021-33037:
    Apache Tomcat did not correctly parse the HTTP transfer-encoding request
    header in some circumstances, leading to the possibility of request
    smuggling when used with a reverse proxy. Specifically:
    - Tomcat incorrectly ignored the transfer encoding header if the client
      declared it would only accept an HTTP/1.0 response;
    - Tomcat honoured the identity encoding; and
    - Tomcat did not ensure that, if present, the chunked encoding was the
      final encoding.
    (Closes: #991046)

 -- Markus Koschany <email address hidden>  Sat, 07 Aug 2021 18:25:15 +0200

Upload details

Uploaded by: Debian Java Maintainers
Uploaded to: Buster
Original maintainer: Debian Java Maintainers
Architectures: all
Section: misc
Urgency: Very Urgent

Downloads

File Size SHA-256 Checksum
tomcat9_9.0.31-1~deb10u5.dsc 2.8 KiB f9a4b8599e83f44403f41bbd196402a30a79ee6484be3b2a096295c506537028
tomcat9_9.0.31.orig.tar.xz 3.7 MiB d8d61755c7d670f44b58d5863a79b0f1e900c3a832d74d9b57d6bdc130bbd6c8
tomcat9_9.0.31-1~deb10u5.debian.tar.xz 44.2 KiB 9ab55c9a9eee46b1864bd06e44814676fbdda458bd48183694387e423e0dcb1b

No changes file available.

Binary packages built by this source