[ubuntu/cosmic-proposed] tomcat8 8.5.30-1ubuntu3 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Thu May 31 12:03:13 UTC 2018 

tomcat8 (8.5.30-1ubuntu3) cosmic; urgency=medium

  * SECURITY UPDATE: CORS filter has insecure defaults
    - debian/patches/CVE-2018-8014.patch: change defaults in
      java/org/apache/catalina/filters/CorsFilter.java,
      java/org/apache/catalina/filters/LocalStrings.properties,
      test/org/apache/catalina/filters/TestCorsFilter.java,
      test/org/apache/catalina/filters/TesterFilterConfigs.java.
    - CVE-2018-8014

Date: Thu, 31 May 2018 07:14:54 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/tomcat8/8.5.30-1ubuntu3
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 31 May 2018 07:14:54 -0400
Source: tomcat8
Binary: tomcat8-common tomcat8 tomcat8-user libtomcat8-java libtomcat8-embed-java libservlet3.1-java libservlet3.1-java-doc tomcat8-admin tomcat8-examples tomcat8-docs
Architecture: source
Version: 8.5.30-1ubuntu3
Distribution: cosmic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 libservlet3.1-java - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API classes
 libservlet3.1-java-doc - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API documenta
 libtomcat8-embed-java - Apache Tomcat 8 - Servlet and JSP engine -- embed libraries
 libtomcat8-java - Apache Tomcat 8 - Servlet and JSP engine -- core libraries
 tomcat8    - Apache Tomcat 8 - Servlet and JSP engine
 tomcat8-admin - Apache Tomcat 8 - Servlet and JSP engine -- admin web application
 tomcat8-common - Apache Tomcat 8 - Servlet and JSP engine -- common files
 tomcat8-docs - Apache Tomcat 8 - Servlet and JSP engine -- documentation
 tomcat8-examples - Apache Tomcat 8 - Servlet and JSP engine -- example web applicati
 tomcat8-user - Apache Tomcat 8 - Servlet and JSP engine -- tools to create user
Changes:
 tomcat8 (8.5.30-1ubuntu3) cosmic; urgency=medium
 .
   * SECURITY UPDATE: CORS filter has insecure defaults
     - debian/patches/CVE-2018-8014.patch: change defaults in
       java/org/apache/catalina/filters/CorsFilter.java,
       java/org/apache/catalina/filters/LocalStrings.properties,
       test/org/apache/catalina/filters/TestCorsFilter.java,
       test/org/apache/catalina/filters/TesterFilterConfigs.java.
     - CVE-2018-8014
Checksums-Sha1:
 6b028946f0184ed4a43e5d7bca2e9d87087950d5 2986 tomcat8_8.5.30-1ubuntu3.dsc
 9e1402d8c5d2e62bb2836b50a759b2be3df27332 70964 tomcat8_8.5.30-1ubuntu3.debian.tar.xz
 401541e5b6b7253726d78ea23ede5f16e3d31591 11896 tomcat8_8.5.30-1ubuntu3_source.buildinfo
Checksums-Sha256:
 c6629676459d7316ab7e59f131bd99e21b0fa8d429119336afb0853468086e5d 2986 tomcat8_8.5.30-1ubuntu3.dsc
 3b90954f9440026a0de0a5ace446e3943f3049f05d1926e888836d41ab20a1ab 70964 tomcat8_8.5.30-1ubuntu3.debian.tar.xz
 eaeab4be6ada82efaadbb44805e87c5de4cab4c0330040d56bc9ac7f620bb04e 11896 tomcat8_8.5.30-1ubuntu3_source.buildinfo
Files:
 caad53bb04fc37b708cea95d6f217935 2986 java optional tomcat8_8.5.30-1ubuntu3.dsc
 6d336a0e1858367f4dc4366e1f790f17 70964 java optional tomcat8_8.5.30-1ubuntu3.debian.tar.xz
 f6aa06f3de543614106b253df2bee885 11896 java optional tomcat8_8.5.30-1ubuntu3_source.buildinfo
Original-Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlsP4ggACgkQZWnYVadE
vpNJlQ/9FQWeomKtuL7OY5ioHHKIyQF1ASMIX2pLn+Th1xQ4q5LmlDF0QNxs86FY
x1LRYPhvAtBdOxPrFJBYymdsg9nElTijZHUTqHOLQog/+4Rf8t65+TU/gLHwiW0q
b28Z94C5IFnlLtG7Lxl0/5kVqAgOtJoTkVS5wl7SlH84LOkG4oFCYMn3Ix4eHYwJ
oM4lRqkLTtjpHAJaoTBBuUd2RQVC6eqEQLGhv9l9j6idKT3R1JLO0cnMTukXoN49
aj0mZceQ8FCPCkqJD2/7KzzkTyvjboyZClUx6fDJV4FKq608zEXsL3PJi7uXHfYY
8HTzm2UiswU721u/FxxDu4ePsALlyy4ITxzDTos5yTYTRIn1n8S3Tkv7jzi0+pnK
dU4hH+qlRD2OuGnJRduXOlYV9JbsGO+J/qRAwXSX6ojVy+BD0ZUwjM1rnulOZBd4
ZWHm0KlxFhBpcBsCtYto4QKzfCpB51MqQC3DOho1vGUJKQEOjwj04Pd2x/dMXUMg
kBwiR6FX+xucW56WaGvSzzPGVWcIaDIwtAi3xdKqlMSWkDRpGrqi+PpAGkTtqSC1
mGY0uTlnz/Yi+rIR4wNP2Atl+DnBmq6sbtdF3my1nnT77nXhulnR3bEQJa4yQLi/
OEFLdh9bopxvcPWoPoU5/TSvHGcTA+4PHaDD0x6F2XbvQJBwVlo=
=F49g
-----END PGP SIGNATURE-----

More information about the Cosmic-changes mailing list