[ubuntu/bionic-security] tomcat9 9.0.16-3ubuntu0.18.04.1 (Accepted)

Maria Emilia Torino emilia.torino at canonical.com
Wed Sep 18 13:28:21 UTC 2019


tomcat9 (9.0.16-3ubuntu0.18.04.1) bionic-security; urgency=medium

  * SECURITY UPDATE: XSS attack on SSI printenv command
    - debian/patches/CVE-2019-0221.patch: escape debug output to aid
      readability
    - CVE-2019-0221
  * SECURITY UPDATE: DoS via thread exhaustion
    - debian/patches/CVE-2019-10072-1.patch: expand HTTP/2 timeout
      handling to connection window exhaustion on write.
    - debian/patches/CVE-2019-10072-2.patch: Fix test failures. Handle
      full allocation case.
    - CVE-2019-10072

Date: 2019-09-13 14:50:14.326453+00:00
Changed-By: Maria Emilia Torino <emilia.torino at canonical.com>
https://launchpad.net/ubuntu/+source/tomcat9/9.0.16-3ubuntu0.18.04.1
-------------- next part --------------
Sorry, changesfile not available.


More information about the Bionic-changes mailing list