1. Forum
  2. Usenet
  3. LINUX.DEBIAN.CHANGES

  • Accepted tomcat10 10.1.34-0+deb12u2 (source) into proposed-updates

    From Debian FTP Masters@21:1/5 to All on Sat Apr 5 19:10:02 2025
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Wed, 2 Apr 2025 04:14:02 CEST
    Source: tomcat10
    Architecture: source
    Version: 10.1.34-0+deb12u2
    Distribution: bookworm-security
    Urgency: high
    Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
    Changed-By: Markus Koschany <apo@debian.org>
    Checksums-Sha1:
    e968b8123b9bc79ee57911a512dc5af9870ec5d0 3014 tomcat10_10.1.34-0+deb12u2.dsc
    19ec5e8c8f286a0cbbdf6ee8d910d3b216e3d62f 51916 tomcat10_10.1.34-0+deb12u2.debian.tar.xz
    91a0137854cdaa8cde2619688fd684a77266fa81 16805 tomcat10_10.1.34-0+deb12u2_amd64.buildinfo
    Checksums-Sha256:
    90d82273304e8d6590f070f770e377f84a662834e13b285f64f982ec8347c820 3014 tomcat10_10.1.34-0+deb12u2.dsc
    6564bbf5e701b9b7c6e4c615757703a4dbf4c5254207d975dba2119b94b72c39 51916 tomcat10_10.1.34-0+deb12u2.debian.tar.xz
    d4c73571ebdb2bcc2de10c9565bf76e961a08dfa50a32252d6b2c1076ccf377b 16805 tomcat10_10.1.34-0+deb12u2_amd64.buildinfo
    Changes:
    tomcat10 (10.1.34-0+deb12u2) bookworm-security; urgency=high
    .
    * Team upload.
    * Fix CVE-2025-24813:
    It was found that a malicious user was able to view security sensitive
    files and/or inject content into those files when writes were enabled for
    the default servlet (disabled by default) and support for partial PUT was
    enabled (default). Under certain circumstances, depending on the
    application in use, remote code execution may have been possible.
    Files:
    8e49ab78dde35a2d771595ebe3f5d3e3 3014 java optional tomcat10_10.1.34-0+deb12u2.dsc
    4b0e77b9a42bb0e10cffb8ecfc75bae5 51916 java optional tomcat10_10.1.34-0+deb12u2.debian.tar.xz
    6bdf30c87eeb4fe173d44dc601421288 16805 java optional tomcat10_10.1.34-0+deb12u2_amd64.buildinfo

    -----BEGIN PGP SIGNATURE-----

    iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmfsn4tfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkurEP/079X4LNBwTwuL/kH4nD9FUMTsBnalaRBlx6 46lXOGm4ZhA//ZhBTmYTNBRZiwy2r9jBA/5rRHWkTVml6W53IQR+dxE/6KJYnvXB H68mVjznplttI1dFuUXGmYVdUpRICff/eisCWrddx48f5BF+i8pEHJYiRPYz4qi2 H8QJHI48YzrzLNOe7CIT/Rr++Bxz0ZgurMZZJXDdQ3CgkI68ywSZrV8B2Rv+y9z0 AKMIFsOvAgdmuab3UTqF/pun/oCQujhy6N20wE1K5C6tUZD54wtudv2BHVxEbDiv njfbZYYW9MBVSq9jDBSZakJCE8U8YCh8G6Mth+PzpMY8ZkdMjfzkF5I+wrZN4TnV kFzJ3wfI8cfrgNW32D8FMmhXr6j33wAzKySrZbHrNVzu8EiTOc+urX8MtSQimvkR rSxmid/9QbKaaLccW695Nhr2ZVhnWrwMUHz1oHYqdNQSujDfWlhtke2PTfbpd1QD ejv2GqYQnIX6G4MxZCtEKQEh/jHWIKbYMKBzp5o1enxB3JB0QY9jRCDs+Pj9ckHW hO7fXjE0oyey/wMg8BcX48oRsfSyrmPiD+ytpBp8eGn+lME+mhg9LeI66nJvKkxd fYfQgDcLCAe7uZtGEAWTRwNXt1iM/xc9aSL0UIUgBprYoq+8kzJ++IMK2wlu5ogC
    sDibm7Iu
    =j02C
    -----END PGP SIGNATURE-----


    --==============f75764515761330079=Content-Type: application/pgp-signature

    -----BEGIN PGP SIGNATURE-----

    iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCZ/FihQAKCRCb9qggYcy5 IVgNAQDawGcyGhrRWINZzTqtg8bOg7lKE3OVi4O8Dn3qzghMWwD/XwF5a982jCU5 PZV+2iHVYi8tpwyk0XUu/9zif+jOgAM=ZXOr
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)