[ubuntu/focal-security] tomcat9 9.0.31-1ubuntu0.8 (Accepted)

Bruce Cable bruce.cable at canonical.com
Sun Nov 17 22:19:08 UTC 2024


tomcat9 (9.0.31-1ubuntu0.8) focal-security; urgency=medium

  * SECURITY UPDATE: Open redirect
    - debian/patches/CVE-2023-41080.patch: Avoid protocol relative
      redirects
    - CVE-2023-41080
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2024-23672.patch: Refactor WebSocket close for
      suspend/resume
    - CVE-2024-23672
  * SECURITY UPDATE: Information leak
    - debian/patches/CVE-2023-42795.patch: Improve handling of failures
      during recycle() methods
    - CVE-2023-42795
  * SECURITY UPDATE: Request smuggling
    - debian/patches/CVE-2023-45648.patch: Align processing of trailer
      headers with standard processing
    - CVE-2023-45648
  * SECURITY UPDATE: Insecure cookie
    - debian/patches/CVE-2023-28708.patch: Add secure attribute to
      cookie when transmitting over insecure channel
    - CVE-2023-28708

Date: 2024-11-12 04:38:52.098981+00:00
Changed-By: Bruce Cable <bruce.cable at canonical.com>
https://launchpad.net/ubuntu/+source/tomcat9/9.0.31-1ubuntu0.8