[ubuntu/questing-proposed] tomcat9 9.0.95-1ubuntu1 (Accepted)
Eduardo Barretto
eduardo.barretto at canonical.com
Tue Jul 29 17:31:16 UTC 2025
tomcat9 (9.0.95-1ubuntu1) questing; urgency=medium

  * Merge with Debian unstable. (LP: #2116267) Remaining changes:
    - d/p/CVE-2025-24813.patch: Enhance lifecycle of
      temporary files used by partial PUT and use File.createTempFile()
      instead of custom naming based on resource path conversion in
      java/org/apache/catalina/servlets/DefaultServlet.java
  * Dropped changes, superseded upstream:
    - d/p/CVE-2023-46589_1.patch: Differentiate request cancellation
    - d/p/CVE-2023-46589_2.patch: Ensure IOException on request read
      always triggers error handling.
    - d/p/CVE-2023-28708.patch: Fix BZ 66471 - JSessionId
      secure attribute missing with RemoteIpFilter and X-Forwarded-Proto
      set to https
    - d/p/CVE-2023-42795.patch: Improve handling of failures during
      recycle() methods
    - d/p/CVE-2023-45648.patch: Align processing of trailer headers with
      standard processing
    - d/p/CVE-2024-23672-pre-1.patch: Rename prior to extending with
      additional tests
    - d/p/CVE-2024-23672-pre-2.patch: Add test util getter for root
      context with class path scanning disabled
    - d/p/CVE-2024-23672.patch: Refactor WebSocket close for suspend/resume
    - d/p/CVE-2024-24549.patch: Report HTTP/2 header parsing
      errors earlier
    - d/p/CVE-2024-24549-post-1.patch: Make recycled streams eligible for
      GC immediately. Improves scalability.
    - d/p/CVE-2024-24549-post-2.patch: Update tests after HTTP/2
      improvements
    - d/p/CVE-2024-34750-pre-1.patch: Fix 66530 - Regression in fix for
      BZ 66442. Ensure count is decremented
    - d/p/CVE-2024-34750-pre-2.patch: Refactor decrement using a common
      method
    - d/p/CVE-2024-34750.patch: Make counting of active streams more robust
    - d/p/CVE-2024-38286.patch: Add support for re-keying with TLS 1.3
    - Search for the appropriate JDT jar according to new project
      structure. This was fixed in Debian unstable in
      d/p/0030-eclipse-jdt-classpath.patch

Date: Wed, 09 Jul 2025 17:12:14 +0200
Changed-By: Eduardo Barretto <eduardo.barretto at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Lena Voytek <lena.voytek at canonical.com>
https://launchpad.net/ubuntu/+source/tomcat9/9.0.95-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Wed, 09 Jul 2025 17:12:14 +0200
Source: tomcat9
Built-For-Profiles: noudeb
Architecture: source
Version: 9.0.95-1ubuntu1
Distribution: questing
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Eduardo Barretto <eduardo.barretto at canonical.com>
Launchpad-Bugs-Fixed: 2116267
Original-Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
Vcs-Git: https://git.launchpad.net/~lvoytek/ubuntu/+source/tomcat9
Vcs-Git-Commit: 68b11992db0e062bb2b8c9bd7a57645499eca69b
Vcs-Git-Ref: refs/heads/merge-lp2116267-questing