Format: 1.8
Date: Wed, 27 Sep 2017 17:23:18 -0400
Source: tomcat8
Binary: tomcat8-common tomcat8 tomcat8-user libtomcat8-java libservlet3.1-java libservlet3.1-java-doc tomcat8-admin tomcat8-examples tomcat8-docs
Architecture: all amd64_translations
Version: 8.0.32-1ubuntu1.5
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 libservlet3.1-java - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API classes
 libservlet3.1-java-doc - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API documenta
 libtomcat8-java - Apache Tomcat 8 - Servlet and JSP engine -- core libraries
 tomcat8 - Apache Tomcat 8 - Servlet and JSP engine
 tomcat8-admin - Apache Tomcat 8 - Servlet and JSP engine -- admin web application
 tomcat8-common - Apache Tomcat 8 - Servlet and JSP engine -- common files
 tomcat8-docs - Apache Tomcat 8 - Servlet and JSP engine -- documentation
 tomcat8-examples - Apache Tomcat 8 - Servlet and JSP engine -- example web applicati
 tomcat8-user - Apache Tomcat 8 - Servlet and JSP engine -- tools to create user
Changes:
 tomcat8 (8.0.32-1ubuntu1.5) xenial-security; urgency=medium
 .
   * SECURITY UPDATE: loss of pipeline requests
     - debian/patches/CVE-2017-5647.patch: improve sendfile handling when
       requests are pipelined in
       java/org/apache/coyote/AbstractProtocol.java,
       java/org/apache/coyote/http11/Http11AprProcessor.java,
       java/org/apache/coyote/http11/Http11Nio2Processor.java,
       java/org/apache/coyote/http11/Http11NioProcessor.java,
       java/org/apache/tomcat/util/net/AprEndpoint.java,
       java/org/apache/tomcat/util/net/Nio2Endpoint.java,
       java/org/apache/tomcat/util/net/NioEndpoint.java,
       java/org/apache/tomcat/util/net/SendfileKeepAliveState.java.
     - CVE-2017-5647
   * SECURITY UPDATE: incorrect facade object use
     - debian/patches/CVE-2017-5648.patch: ensure request and response
       facades are used when firing application listeners in
       java/org/apache/catalina/authenticator/FormAuthenticator.java,
       java/org/apache/catalina/core/StandardHostValve.java.
     - CVE-2017-5648
   * SECURITY UPDATE: unexpected and undesirable results for static error
     pages
     - debian/patches/CVE-2017-5664.patch: use a more reliable mechanism in
       java/org/apache/catalina/servlets/DefaultServlet.java,
       java/org/apache/catalina/servlets/WebdavServlet.java.
     - CVE-2017-5664
   * SECURITY UPDATE: client and server side cache poisoning in CORS filter
     - debian/patches/CVE-2017-7674.patch: set Vary header in response in
       java/org/apache/catalina/filters/CorsFilter.java.
     - CVE-2017-7674
Original-Maintainer: Debian Java Maintainers