Format: 1.8
Date: Thu, 24 Jul 2014 13:24:54 -0400
Source: tomcat7
Binary: tomcat7-common tomcat7 tomcat7-user libtomcat7-java libservlet3.0-java libservlet3.0-java-doc tomcat7-admin tomcat7-examples tomcat7-docs
Architecture: all i386_translations
Version: 7.0.52-1ubuntu0.1
Distribution: trusty
Urgency: medium
Maintainer: Ubuntu/amd64 Build Daemon
Changed-By: Marc Deslauriers
Description:
 libservlet3.0-java - Servlet 3.0 and JSP 2.2 Java API classes
 libservlet3.0-java-doc - Servlet 3.0 and JSP 2.2 Java API documentation
 libtomcat7-java - Servlet and JSP engine -- core libraries
 tomcat7 - Servlet and JSP engine
 tomcat7-admin - Servlet and JSP engine -- admin web applications
 tomcat7-common - Servlet and JSP engine -- common files
 tomcat7-docs - Servlet and JSP engine -- documentation
 tomcat7-examples - Servlet and JSP engine -- example web applications
 tomcat7-user - Servlet and JSP engine -- tools to create user instances
Changes:
 tomcat7 (7.0.52-1ubuntu0.1) trusty-security; urgency=medium
 .
   * SECURITY UPDATE: denial of service via malformed chunk size
     - debian/patches/CVE-2014-0075.patch: fix overflow and added tests to
       java/org/apache/coyote/http11/filters/ChunkedInputFilter.java,
       test/org/apache/coyote/http11/filters/TestChunkedInputFilter.java.
     - CVE-2014-0075
   * SECURITY UPDATE: file disclosure via XXE issue
     - debian/patches/CVE-2014-0096.patch: change globalXsltFile to be a
       relative path in conf/web.xml,
       java/org/apache/catalina/servlets/DefaultServlet.java,
       java/org/apache/catalina/servlets/LocalStrings.properties,
       webapps/docs/default-servlet.xml.
     - CVE-2014-0096
   * SECURITY UPDATE: HTTP request smuggling attack via crafted
     Content-Length HTTP header
     - debian/patches/CVE-2014-0099.patch: correctly handle long values in
       java/org/apache/tomcat/util/buf/Ascii.java, added test to
       test/org/apache/tomcat/util/buf/TestAscii.java.
     - CVE-2014-0099
Original-Maintainer: Debian Java Maintainers