tomcat9 9.0.31-1~deb10u6 source package in Debian
Changelog
tomcat9 (9.0.31-1~deb10u6) buster-security; urgency=high
* Team upload.
* CVE-2021-30640: Fix NullPointerException.
If no userRoleAttribute is specified in the user's Realm configuration its
default value will be null. This will cause a NPE in the methods
doFilterEscaping and doAttributeValueEscaping. This is upstream bug
https://bz.apache.org/bugzilla/show_bug.cgi?id=65308
* Fix CVE-2021-41079:
Apache Tomcat did not properly validate incoming TLS packets. When Tomcat
was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially
crafted packet could be used to trigger an infinite loop resulting in a
denial of service.
-- Markus Koschany <email address hidden> Sat, 25 Sep 2021 22:17:13 +0200
Upload details
- Uploaded by:
- Debian Java Maintainers
- Uploaded to:
- Buster
- Original maintainer:
- Debian Java Maintainers
- Architectures:
- all
- Section:
- misc
- Urgency:
- Very Urgent
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Buster | release | main | misc |
Builds
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| tomcat9_9.0.31-1~deb10u6.dsc | 2.8 KiB | 8a9ca7fd50887a229a641f3070e39bdce6e4cc413486fd9367bf47df6f916325 |
| tomcat9_9.0.31.orig.tar.xz | 3.7 MiB | d8d61755c7d670f44b58d5863a79b0f1e900c3a832d74d9b57d6bdc130bbd6c8 |
| tomcat9_9.0.31-1~deb10u6.debian.tar.xz | 45.0 KiB | d2f2790cee37f6f9459fb6a07e996c08c13bbb3eeba4a367615d58a8bf0f1591 |
No changes file available.
