Format: 1.8
Date: Thu, 18 Apr 2024 22:17:07 +0200
Source: tomcat9
Binary: libtomcat9-embed-java libtomcat9-java tomcat9 tomcat9-admin tomcat9-common tomcat9-docs tomcat9-examples tomcat9-user
Architecture: all
Version: 9.0.43-2~deb11u10
Distribution: bullseye-security
Urgency: high
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01)
Changed-By: Markus Koschany
Description:
 libtomcat9-embed-java - Apache Tomcat 9 - Servlet and JSP engine -- embed libraries
 libtomcat9-java - Apache Tomcat 9 - Servlet and JSP engine -- core libraries
 tomcat9 - Apache Tomcat 9 - Servlet and JSP engine
 tomcat9-admin - Apache Tomcat 9 - Servlet and JSP engine -- admin web application
 tomcat9-common - Apache Tomcat 9 - Servlet and JSP engine -- common files
 tomcat9-docs - Apache Tomcat 9 - Servlet and JSP engine -- documentation
 tomcat9-examples - Apache Tomcat 9 - Servlet and JSP engine -- example web applicati
 tomcat9-user - Apache Tomcat 9 - Servlet and JSP engine -- tools to create user
Changes:
 tomcat9 (9.0.43-2~deb11u10) bullseye-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2023-46589:
     Improper Input Validation vulnerability in Apache Tomcat. Tomcat 10 did
     not correctly parse HTTP trailer headers. A trailer header that exceeded
     the header size limit could cause Tomcat to treat a single request as
     multiple requests leading to the possibility of request smuggling when
     behind a reverse proxy.
   * Fix CVE-2024-24549:
     Denial of Service due to improper input validation vulnerability for
     HTTP/2. When processing an HTTP/2 request, if the request exceeded any of
     the configured limits for headers, the associated HTTP/2 stream was not
     reset until after all of the headers had been processed.
   * Fix CVE-2024-23672:
     Denial of Service via incomplete cleanup vulnerability. It was possible
     for WebSocket clients to keep WebSocket connections open leading to
     increased resource consumption.