[ubuntu/focal-updates] tomcat9 9.0.31-1ubuntu0.1 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Wed Oct 21 13:28:09 UTC 2020
tomcat9 (9.0.31-1ubuntu0.1) focal-security; urgency=medium
* SECURITY UPDATE: HTTP/2 Denial of Service
- debian/patches/CVE-2020-13934.patch: ensure that the HTTP/1.1
processor is correctly recycled when a direct connection to h2c is
made
- CVE-2020-13934
* SECURITY UPDATE: WebSocket Denial of Service
- debian/patches/CVE-2020-13935.patch: add additional validation of
payload length for WebSocket messages
- CVE-2020-13935
* SECURITY UPDATE: HTTP/2 Denial of Service
- debian/patches/CVE-2020-11996.patch: improve performance of closing
idle HTTP/2 streams
- CVE-2020-11996
* SECURITY UPDATE: remote code execution via session persistence
- debian/patches/CVE-2020-9484.patch: improve validation of storage
location when using FileStore
- CVE-2020-9484
Date: 2020-10-20 20:02:13.622633+00:00
Changed-By: Emilia Torino <emilia.torino at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/tomcat9/9.0.31-1ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list