Format: 1.8
Date: Sat, 07 Aug 2021 18:25:15 +0200
Source: tomcat9
Binary: libtomcat9-embed-java libtomcat9-java tomcat9 tomcat9-admin tomcat9-common tomcat9-docs tomcat9-examples tomcat9-user
Architecture: all
Version: 9.0.31-1~deb10u5
Distribution: buster-security
Urgency: high
Maintainer: all Build Daemon (x86-grnet-02)
Changed-By: Markus Koschany
Description:
 libtomcat9-embed-java - Apache Tomcat 9 - Servlet and JSP engine -- embed libraries
 libtomcat9-java - Apache Tomcat 9 - Servlet and JSP engine -- core libraries
 tomcat9 - Apache Tomcat 9 - Servlet and JSP engine
 tomcat9-admin - Apache Tomcat 9 - Servlet and JSP engine -- admin web application
 tomcat9-common - Apache Tomcat 9 - Servlet and JSP engine -- common files
 tomcat9-docs - Apache Tomcat 9 - Servlet and JSP engine -- documentation
 tomcat9-examples - Apache Tomcat 9 - Servlet and JSP engine -- example web applicati
 tomcat9-user - Apache Tomcat 9 - Servlet and JSP engine -- tools to create user
Closes: 991046
Changes:
 tomcat9 (9.0.31-1~deb10u5) buster-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2021-30640:
     A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to
     authenticate using variations of a valid user name and/or to bypass some of
     the protection provided by the LockOut Realm.
   * Fix CVE-2021-33037:
     Apache Tomcat did not correctly parse the HTTP transfer-encoding request
     header in some circumstances, leading to the possibility of request
     smuggling when used with a reverse proxy. Specifically:
     - Tomcat incorrectly ignored the transfer encoding header if the client
       declared it would only accept an HTTP/1.0 response;
     - Tomcat honoured the identity encoding; and
     - Tomcat did not ensure that, if present, the chunked encoding was the
       final encoding.
     (Closes: #991046)
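
The three Transfer-Encoding conditions listed in the CVE-2021-33037 changelog entry, written as a check that a reverse proxy or log pipeline could apply to already-parsed requests. This is an added example, not code from Tomcat or from the Debian package; the function name, finding labels and sample requests are constructed for illustration.

```python
# Added example: flags the three Transfer-Encoding conditions named in the
# changelog entry for CVE-2021-33037. All names here are hypothetical.


def transfer_encoding_findings(http_version, headers):
    """Return finding labels for one parsed request.

    http_version: request-line version, e.g. "HTTP/1.0" or "HTTP/1.1"
    headers: list of (name, value) pairs in wire order
    """
    # Several Transfer-Encoding lines form one comma-separated list,
    # so merge them in the order they were received.
    codings = []
    for name, value in headers:
        if name.strip().lower() == "transfer-encoding":
            for token in value.split(","):
                # Drop any ";param" suffix and normalise case.
                coding = token.split(";", 1)[0].strip().lower()
                if coding:
                    codings.append(coding)

    findings = []
    if not codings:
        return findings
    # Condition 1: header present on an HTTP/1.0 request, where one hop
    # may ignore it and another may honour it.
    if http_version.strip().upper() == "HTTP/1.0":
        findings.append("te-on-http10")
    # Condition 2: the "identity" coding, which RFC 7230 removed.
    if "identity" in codings:
        findings.append("identity-coding")
    # Condition 3: chunked is listed but is not the final coding.
    if "chunked" in codings and codings[-1] != "chunked":
        findings.append("chunked-not-final")
    return findings


# Constructed sample requests (not captured traffic).
SAMPLES = {
    "plain-chunked": ("HTTP/1.1", [("Host", "app.example"), ("Transfer-Encoding", "chunked")]),
    "http10-chunked": ("HTTP/1.0", [("Transfer-Encoding", "chunked"), ("Content-Length", "4")]),
    "identity": ("HTTP/1.1", [("Transfer-Encoding", "identity")]),
    "chunked-then-gzip": ("HTTP/1.1", [("Transfer-Encoding", "chunked"), ("transfer-encoding", "gzip")]),
}


def scan(samples=SAMPLES):
    """Map each sample label to its list of findings."""
    return {label: transfer_encoding_findings(v, h) for label, (v, h) in samples.items()}
```

An empty list means none of the three conditions applies; a front end can reject requests with any finding so that it and the back end never disagree on where a request body ends.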