Format: 1.8 Date: Fri, 24 Jan 2020 11:24:30 -0500 Source: tomcat8 Binary: tomcat8-common tomcat8 tomcat8-user libtomcat8-java libservlet3.1-java libservlet3.1-java-doc tomcat8-admin tomcat8-examples tomcat8-docs Architecture: all amd64_translations Version: 8.0.32-1ubuntu1.11 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: libservlet3.1-java - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API classes libservlet3.1-java-doc - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API documenta libtomcat8-java - Apache Tomcat 8 - Servlet and JSP engine -- core libraries tomcat8 - Apache Tomcat 8 - Servlet and JSP engine tomcat8-admin - Apache Tomcat 8 - Servlet and JSP engine -- admin web application tomcat8-common - Apache Tomcat 8 - Servlet and JSP engine -- common files tomcat8-docs - Apache Tomcat 8 - Servlet and JSP engine -- documentation tomcat8-examples - Apache Tomcat 8 - Servlet and JSP engine -- example web applicati tomcat8-user - Apache Tomcat 8 - Servlet and JSP engine -- tools to create user Changes: tomcat8 (8.0.32-1ubuntu1.11) xenial-security; urgency=medium . * SECURITY UPDATE: JMX interface authentication bypass - debian/patches/CVE-2019-12418.patch: refactor JMX remote RMI registry creation in JmxRemoteLifecycleListener.java. - CVE-2019-12418 * SECURITY UPDATE: session fixation attack in FORM authentication - debian/patches/CVE-2019-17563.patch: refactor so Principal is never cached in session with cache==false in java/org/apache/catalina/authenticator/AuthenticatorBase.java, java/org/apache/catalina/authenticator/Constants.java, java/org/apache/catalina/authenticator/FormAuthenticator.java. - CVE-2019-17563 Checksums-Sha1: b64a37d51d09969a9af34e63a2b2b7b95589a804 241282 libservlet3.1-java-doc_8.0.32-1ubuntu1.11_all.deb 972776121564235f505a096b4e43076213771613 390766 libservlet3.1-java_8.0.32-1ubuntu1.11_all.deb 80b8d800a8b915566ee3ff027d267275284461fa 4658638 libtomcat8-java_8.0.32-1ubuntu1.11_all.deb f296eec43366fa1b332b4b6e7eda39612b0277de 30896 tomcat8-admin_8.0.32-1ubuntu1.11_all.deb cd4055896e2492dda6e7dc84572a54b42d49a1ee 52948 tomcat8-common_8.0.32-1ubuntu1.11_all.deb 1a2220d2f6163a5e772fb6d054e812b5dc481b1f 675344 tomcat8-docs_8.0.32-1ubuntu1.11_all.deb 218478fe09e4c6591dc819532adb8f50bbc820a2 187916 tomcat8-examples_8.0.32-1ubuntu1.11_all.deb 90ec010e6dc21888f3ab19a263ba1d8567d48378 30822 tomcat8-user_8.0.32-1ubuntu1.11_all.deb 1717c505c5b95e2e779abd658e767e110fd766cb 42218 tomcat8_8.0.32-1ubuntu1.11_all.deb a8f5a64497ad14ddff6c7083ca31e31f979585bb 8159 tomcat8_8.0.32-1ubuntu1.11_amd64_translations.tar.gz Checksums-Sha256: 102fd897cb0437a35f13e572adc1f37aefd4ecf11dd0f3e1dd30b896310e4bc9 241282 libservlet3.1-java-doc_8.0.32-1ubuntu1.11_all.deb 8e7e4ffebdc68fe7e42807a61dd3c6bca7028e5fe2140b4d1a49f332c454b7f2 390766 libservlet3.1-java_8.0.32-1ubuntu1.11_all.deb 6c1480d478ae9be7424b913afd2c614f8caa55dc383f17bf414a053032163fe1 4658638 libtomcat8-java_8.0.32-1ubuntu1.11_all.deb 72355345779bb7f689200f69fad71cfba3f21dd3eec3ac446aa3326cfbdefe86 30896 tomcat8-admin_8.0.32-1ubuntu1.11_all.deb 0c9707d755b92fc43de2dfd481d99bbd52b46c3051d08bfd2f15ae190ca4f9fa 52948 tomcat8-common_8.0.32-1ubuntu1.11_all.deb 0f7d2ca9a29cfc7a423a3b5428adcf7ceba12a7f21b940697059afa03cc9b609 675344 tomcat8-docs_8.0.32-1ubuntu1.11_all.deb cb47c868bef0265917fdba1af5068d2a19cd624162dfa48d371053e7f4c04905 187916 tomcat8-examples_8.0.32-1ubuntu1.11_all.deb 15a1b5b778750145b519bfc10e5efc6450ca5f1dbe26c01fef095e0b15ffefc3 30822 tomcat8-user_8.0.32-1ubuntu1.11_all.deb 9a363f365a3a922a0b17444386fa8420fe8d328d7016f32a65e7f439b573175b 42218 tomcat8_8.0.32-1ubuntu1.11_all.deb ad5999e35fcb924abd8b09ebf27fb76d20d3abc2e3d42aaaa20f36cd22cad43e 8159 tomcat8_8.0.32-1ubuntu1.11_amd64_translations.tar.gz Files: 7dcff79d724c1f9521e19943837aab61 241282 doc optional libservlet3.1-java-doc_8.0.32-1ubuntu1.11_all.deb 4c64b3443394c77d3d7f854f344f50e4 390766 java optional libservlet3.1-java_8.0.32-1ubuntu1.11_all.deb e92cf75ebfb2cee4fcb727fa8a60031c 4658638 java optional libtomcat8-java_8.0.32-1ubuntu1.11_all.deb 3eae04ac2d80b529a081bdc4ba02119a 30896 java optional tomcat8-admin_8.0.32-1ubuntu1.11_all.deb 1c9d018471c10c57531d02c9e2d06aee 52948 java optional tomcat8-common_8.0.32-1ubuntu1.11_all.deb 349dff486a0a58af4b3f001ae079347f 675344 doc optional tomcat8-docs_8.0.32-1ubuntu1.11_all.deb 7437b26d9ede843871bcfaf62792e123 187916 java optional tomcat8-examples_8.0.32-1ubuntu1.11_all.deb 1caa73189466517757f691691256d8f3 30822 java optional tomcat8-user_8.0.32-1ubuntu1.11_all.deb 3b761759e39b9aba0a625b9ff558e9a5 42218 java optional tomcat8_8.0.32-1ubuntu1.11_all.deb f8684206d3ab8260fe5b5823188c2851 8159 raw-translations - tomcat8_8.0.32-1ubuntu1.11_amd64_translations.tar.gz Original-Maintainer: Debian Java Maintainers