-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 15 Apr 2024 22:05:02 +0200
Source: tomcat10
Architecture: source
Version: 10.1.6-1+deb12u2
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: Markus Koschany <a...@debian.org>
Changes:
 tomcat10 (10.1.6-1+deb12u2) bookworm-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2023-46589:
     Improper Input Validation vulnerability in Apache Tomcat. Tomcat 10 did not
     correctly parse HTTP trailer headers. A trailer header that exceeded the
     header size limit could cause Tomcat to treat a single request as multiple
     requests leading to the possibility of request smuggling when behind a
     reverse proxy.
   * Fix CVE-2024-24549:
     Denial of Service due to improper input validation vulnerability for
     HTTP/2. When processing an HTTP/2 request, if the request exceeded any of
     the configured limits for headers, the associated HTTP/2 stream was not
     reset until after all of the headers had been processed.
   * Fix CVE-2024-23672:
     Denial of Service via incomplete cleanup vulnerability. It was possible for
     WebSocket clients to keep WebSocket connections open leading to increased
     resource consumption.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
