-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4673-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 03, 2020 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : tomcat8 CVE ID : CVE-2019-17569 CVE-2020-1935 CVE-2020-1938 Several vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in HTTP request smuggling and code execution in the AJP connector (disabled by default in Debian). For the oldstable distribution (stretch), these problems have been fixed in version 8.5.54-0+deb9u1. We recommend that you upgrade your tomcat8 packages. For the detailed security status of tomcat8 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/tomcat8 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl6vDOEACgkQEMKTtsN8 TjaAFRAAoAKw1AMWyaBUnxXpVwYqKvQ4CXcJxHCIAAFSQdMDLosTcKToyE3bzv13 UWZ1O7q4uMYhbyJv+bHzu4QTvWKAHAr/X8rdIe5d9FpzBGczWzAVOby4nLuXHSOj Y83IdXtXM3DopRcqPS8dUzcoQ8U+fOcmZeIB48IAqbMW+Okum8yxjDW1fVx+hl07 oAOg8tJwdRddGq1/l1hjgsDqqN4y56rG9YNLNGHDrWI8z1iN5Wxf5mGoJjd+ebbc gSRBxt5UYbiqE1FHVmM2EhSwoCsglYIKWYZQC1cg1WvoKDbqKpXB5TRYGWpB/FDN 5EPqEDJkiNf0+03mg+sa6ccY0bEDNJdZOiQKydopVu4Mh1BQ2oEQfBIc4eXPKCmK 0vV0Wdyfl1jQF4yo4vo7yQr4wbAJjLWJcg6pc/k4pwwZ2/wbnX/vbK+t0GpXfjnl wPLp47H5Rg9/2xly4zbdRJxA5rS1tQ3ykLCkF5AA4kCLTwXsiFgFD5Ec3va9hw9h VU15HO9UHDb8PUGGMTVCJzzBIdIREp3zjGI5g4TGU40BubdDaB20cmvKDrl5PFig rco9lTz9K3ngBRgVs5gNGMCaRhcT90sWuNlMoSFeKx1GMknIMdMjuiVkMpMwdvO/ xZpvx+f3wL09FWzDBcObPxdFzLi0kA8L+refmEJ9jifzwnPWJX4= =nZPM -----END PGP SIGNATURE-----