-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 15 Apr 2024 22:05:02 +0200
Source: tomcat10
Binary: libtomcat10-embed-java libtomcat10-java tomcat10 tomcat10-admin tomcat10-common tomcat10-docs tomcat10-examples tomcat10-user
Architecture: all
Version: 10.1.6-1+deb12u2
Distribution: bookworm-security
Urgency: high
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01) <buildd_amd64-x86-conova-01@buildd.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libtomcat10-embed-java - Apache Tomcat 10 - Servlet and JSP engine -- embed libraries
 libtomcat10-java - Apache Tomcat 10 - Servlet and JSP engine -- core libraries
 tomcat10   - Apache Tomcat 10 - Servlet and JSP engine
 tomcat10-admin - Apache Tomcat 10 - Servlet and JSP engine -- admin web applicatio
 tomcat10-common - Apache Tomcat 10 - Servlet and JSP engine -- common files
 tomcat10-docs - Apache Tomcat 10 - Servlet and JSP engine -- documentation
 tomcat10-examples - Apache Tomcat 10 - Servlet and JSP engine -- example web applicat
 tomcat10-user - Apache Tomcat 10 - Servlet and JSP engine -- tools to create user
Changes:
 tomcat10 (10.1.6-1+deb12u2) bookworm-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2023-46589:
     Improper Input Validation vulnerability in Apache Tomcat. Tomcat 10 did not
     correctly parse HTTP trailer headers. A trailer header that exceeded the
     header size limit could cause Tomcat to treat a single request as multiple
     requests leading to the possibility of request smuggling when behind a
     reverse proxy.
   * Fix CVE-2024-24549:
     Denial of Service due to improper input validation vulnerability for
     HTTP/2. When processing an HTTP/2 request, if the request exceeded any of
     the configured limits for headers, the associated HTTP/2 stream was not
     reset until after all of the headers had been processed.
   * Fix CVE-2024-23672:
     Denial of Service via incomplete cleanup vulnerability. It was possible for
     WebSocket clients to keep WebSocket connections open leading to increased
     resource consumption.
Checksums-Sha1:
Checksums-Sha256:
Files:

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----