[SECURITY] [DLA 2217-1] tomcat7 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2217-1] tomcat7 security update
From: "Chris Lamb" <lamby@debian.org>
Date: Sat, 23 May 2020 13:27:59 -0400 (EDT)
Message-id: <[🔎] 20200523172759.6D8A614200A2@mailuser.nyi.internal>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : tomcat7
Version        : 7.0.56-3+really7.0.100-1+deb8u1
CVE ID         : CVE-2020-9484
Debian Bug     : #961209

It was discovered that there was a potential remote code execution
via deserialization in tomcat7, a server for HTTP and Java "servlets".

For Debian 8 "Jessie", this issue has been fixed in tomcat7 version
7.0.56-3+really7.0.100-1+deb8u1.

We recommend that you upgrade your tomcat7 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl7JXPkACgkQHpU+J9Qx
Hlia4w/+KpVgmmq/zTcYkF/s+snvyjbVKDEJL3XlRiUcBmOhq5QX0sOGdqE69Xyl
UFgDzigR1CA2EfYuDn7KvnW9A7CXZcs2QaHAQqS2gfIfTSsB2c5wogCFqAh+EnPG
IByF0jMyojJNsA9OrfFLTSIC1KXcSwlj1N2kH0ry/7fcpOdUI9RLgVBwNAxoiChR
9Q643KiiXq1VUdmCl4JsKHA8rK61ycQuDOMnhC/HhCK3BbHdUM4OwNWfrvj13TQ+
nlMZYW/SdfpZmtySeL/DBHvyMqXD1Rwx+LTg7xKAPzlIJqcRah8pvC2Oahpm6+e+
OnHQVm/VlO+nU2WlhWYJzvdOtclfSu+iF7waFByyO7G7Go8qiB173FRNVIciwBNo
d746y3BD9gXk/X2AMakRV2SAIqFxNhLbV0Qui7Hr9jHReR7uyQkbMy/+2ijKIq2F
pcvpng4+Apng8A9vlyqzsfH4hdmB81HZhijfMUEkd4A/fzeGsb2nS74vQDadrrt3
4NJLEbf/RCuYjL9IZs48t1dIdaaQgNMXA4s1y2HlZKNYcVxHElnuqn0NLYev7jsv
z1PsxZtiljtfSaHU+H4cyQtQyL98CLApHUpiub9FaGMeLvU53Q/CGSJFQ64NluP3
MKHcaxKwEV2q0trIEdPPXoAUqCLyNzcgFifYPaL4v0tkOCkxdsM=
=qMiz
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2216-1] ruby-rack security update
Next by Date: [SECURITY] [DLA 2219-1] feh security update
Previous by thread: [SECURITY] [DLA 2216-1] ruby-rack security update
Next by thread: [SECURITY] [DLA 2219-1] feh security update
Index(es):
- Date
- Thread