tomcat9 9.0.31-1~deb10u6 source package in Debian
Changelog
tomcat9 (9.0.31-1~deb10u6) buster-security; urgency=high * Team upload. * CVE-2021-30640: Fix NullPointerException. If no userRoleAttribute is specified in the user's Realm configuration its default value will be null. This will cause a NPE in the methods doFilterEscaping and doAttributeValueEscaping. This is upstream bug https://bz.apache.org/bugzilla/show_bug.cgi?id=65308 * Fix CVE-2021-41079: Apache Tomcat did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service. -- Markus Koschany <email address hidden> Sat, 25 Sep 2021 22:17:13 +0200
Upload details
- Uploaded by:
- Debian Java Maintainers
- Uploaded to:
- Buster
- Original maintainer:
- Debian Java Maintainers
- Architectures:
- all
- Section:
- misc
- Urgency:
- Very Urgent
See full publishing history Publishing
Series | Published | Component | Section | |
---|---|---|---|---|
Buster | release | main | misc |
Builds
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
tomcat9_9.0.31-1~deb10u6.dsc | 2.8 KiB | 8a9ca7fd50887a229a641f3070e39bdce6e4cc413486fd9367bf47df6f916325 |
tomcat9_9.0.31.orig.tar.xz | 3.7 MiB | d8d61755c7d670f44b58d5863a79b0f1e900c3a832d74d9b57d6bdc130bbd6c8 |
tomcat9_9.0.31-1~deb10u6.debian.tar.xz | 45.0 KiB | d2f2790cee37f6f9459fb6a07e996c08c13bbb3eeba4a367615d58a8bf0f1591 |
No changes file available.