Format: 1.8
Date: Wed, 2 Apr 2025 04:14:02 CEST
Source: tomcat10
Architecture: source
Version: 10.1.34-0+deb12u2
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Java Maintainers
Changed-By: Markus Koschany
Checksums-Sha1:
 e968b8123b9bc79ee57911a512dc5af9870ec5d0 3014 tomcat10_10.1.34-0+deb12u2.dsc
 19ec5e8c8f286a0cbbdf6ee8d910d3b216e3d62f 51916 tomcat10_10.1.34-0+deb12u2.debian.tar.xz
 91a0137854cdaa8cde2619688fd684a77266fa81 16805 tomcat10_10.1.34-0+deb12u2_amd64.buildinfo
Checksums-Sha256:
 90d82273304e8d6590f070f770e377f84a662834e13b285f64f982ec8347c820 3014 tomcat10_10.1.34-0+deb12u2.dsc
 6564bbf5e701b9b7c6e4c615757703a4dbf4c5254207d975dba2119b94b72c39 51916 tomcat10_10.1.34-0+deb12u2.debian.tar.xz
 d4c73571ebdb2bcc2de10c9565bf76e961a08dfa50a32252d6b2c1076ccf377b 16805 tomcat10_10.1.34-0+deb12u2_amd64.buildinfo
Changes:
 tomcat10 (10.1.34-0+deb12u2) bookworm-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2025-24813:
     It was found that a malicious user was able to view security sensitive
     files and/or inject content into those files when writes were enabled
     for the default servlet (disabled by default) and support for partial
     PUT was enabled (default). Under certain circumstances, depending on
     the application in use, remote code execution may have been possible.
Files:
 8e49ab78dde35a2d771595ebe3f5d3e3 3014 java optional tomcat10_10.1.34-0+deb12u2.dsc
 4b0e77b9a42bb0e10cffb8ecfc75bae5 51916 java optional tomcat10_10.1.34-0+deb12u2.debian.tar.xz
 6bdf30c87eeb4fe173d44dc601421288 16805 java optional tomcat10_10.1.34-0+deb12u2_amd64.buildinfo