[ubuntu/focal-security] tomcat9 9.0.31-1ubuntu0.5 (Accepted)

Evan Caville evan.caville at canonical.com
Tue Jul 9 01:22:52 UTC 2024


tomcat9 (9.0.31-1ubuntu0.5) focal-security; urgency=medium

  * SECURITY UPDATE: Incorrect handling of requests enables potential smuggling
    attack
    - debian/patches/CVE-2022-42252.patch: Requests with invalid content-
      length should always be rejected
    - CVE-2022-42252

tomcat9 (9.0.31-1ubuntu0.4) focal; urgency=medium

  * d/p/lp1903851-multipart-upload-over-https.patch: apply revert
    from 9.0.32 to fix multi-part upload over HTTPS (LP: #1903851)

tomcat9 (9.0.31-1ubuntu0.3) focal; urgency=medium

  * Fix logging for unprivileged rsyslogd (LP: #1964881):
    - d/logrotate.template: use syslog:adm for log rotation so that
      rsyslog can write to the file
    - d/tomcat9.postinst: adjust ownership of catalina.out so that
      rsyslogd can write to it. Also change the rotated log files for
      consistency.
    - d/tomcat9.tmpfile: /var/log/tomcat9 should be 02770 now

Date: 2024-07-04 04:56:15.420157+00:00
Changed-By: Bruce Cable <bruce.cable at canonical.com>
Signed-By: Evan Caville <evan.caville at canonical.com>
https://launchpad.net/ubuntu/+source/tomcat9/9.0.31-1ubuntu0.5