-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 01 Apr 2025 23:03:17 +0200 Source: tomcat10 Binary: libtomcat10-embed-java libtomcat10-java tomcat10 tomcat10-admin tomcat10-common tomcat10-docs tomcat10-examples tomcat10-user Architecture: all Version: 10.1.34-0+deb12u2 Distribution: bookworm-security Urgency: high Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01) Changed-By: Markus Koschany Description: libtomcat10-embed-java - Apache Tomcat 10 - Servlet and JSP engine -- embed libraries libtomcat10-java - Apache Tomcat 10 - Servlet and JSP engine -- core libraries tomcat10 - Apache Tomcat 10 - Servlet and JSP engine tomcat10-admin - Apache Tomcat 10 - Servlet and JSP engine -- admin web applicatio tomcat10-common - Apache Tomcat 10 - Servlet and JSP engine -- common files tomcat10-docs - Apache Tomcat 10 - Servlet and JSP engine -- documentation tomcat10-examples - Apache Tomcat 10 - Servlet and JSP engine -- example web applicat tomcat10-user - Apache Tomcat 10 - Servlet and JSP engine -- tools to create user Changes: tomcat10 (10.1.34-0+deb12u2) bookworm-security; urgency=high . * Team upload. * Fix CVE-2025-24813: It was found that a malicious user was able to view security sensitive files and/or inject content into those files when writes were enabled for the default servlet (disabled by default) and support for partial PUT was enabled (default). Under certain circumstances, depending on the application in use, remote code execution may have been possible. Checksums-Sha1: 186cd613f45ddb5cd981777be22199631fa08bf0 4469076 libtomcat10-embed-java_10.1.34-0+deb12u2_all.deb 062e559065bbd7a239aa69b9288be40e8b36f1e9 6390684 libtomcat10-java_10.1.34-0+deb12u2_all.deb 547a814256b30d70fdd324b342a79517f12fa0b2 72584 tomcat10-admin_10.1.34-0+deb12u2_all.deb 5554a21b46d56a22be9bbf3235a35fe65baa156d 66692 tomcat10-common_10.1.34-0+deb12u2_all.deb 080c28a8c9c0350d01e7c90cf69be9537bbea55b 1239312 tomcat10-docs_10.1.34-0+deb12u2_all.deb 6b31f8c025c5f390e8cd9623ea7b121ac4b3018a 392956 tomcat10-examples_10.1.34-0+deb12u2_all.deb af11f3f5485d7e30eeebf415f1bed19277cfdeca 38616 tomcat10-user_10.1.34-0+deb12u2_all.deb ff1803ec518bbbfbe852068e922f49156fc686d4 16242 tomcat10_10.1.34-0+deb12u2_all-buildd.buildinfo ae3ca0ddab7834d0e6971c98dab559d15490dd4a 42348 tomcat10_10.1.34-0+deb12u2_all.deb Checksums-Sha256: 246f69fe783720bb8b94b7d4c047a366c62cece896da7c3b77ca5dbc3c0baf11 4469076 libtomcat10-embed-java_10.1.34-0+deb12u2_all.deb e648b2b1f343b3bd30eab16a6e8f2955d1badc2ccb73c8ab5a168e75a7efad01 6390684 libtomcat10-java_10.1.34-0+deb12u2_all.deb b81b7e4cb7378015513425046d67f5b416d83efe97235fa99507d3b5e7e643d0 72584 tomcat10-admin_10.1.34-0+deb12u2_all.deb ed3d69bff5a1200c69de8de6ae154ff92e8711838b81242626e540140d17e6cf 66692 tomcat10-common_10.1.34-0+deb12u2_all.deb b03fab15899b0114de0ef4aeb6542eda733002a199f9dc6339a20c67dda4e8f5 1239312 tomcat10-docs_10.1.34-0+deb12u2_all.deb 4ad4eb85131224a9e1ef134c84fe00dbf3b8a5c6618990806ec108e7e4e83e20 392956 tomcat10-examples_10.1.34-0+deb12u2_all.deb 03e890029e91f9869b23b457eb3e440723eb1285ffeb6af97649a237cb9fe9fb 38616 tomcat10-user_10.1.34-0+deb12u2_all.deb 7ac483fc3ee512889e93eade4145e8ea580a5bc521d6a388cb9055a0f1c98cb4 16242 tomcat10_10.1.34-0+deb12u2_all-buildd.buildinfo 946d4b899079747d6560927994a69a078e39f64fa041a9bf5d141fee758d6b38 42348 tomcat10_10.1.34-0+deb12u2_all.deb Files: 5594bcc7323cfe64c3d3f6f3b9cc9c08 4469076 java optional libtomcat10-embed-java_10.1.34-0+deb12u2_all.deb 56161123f688811423d4096747f5de5d 6390684 java optional libtomcat10-java_10.1.34-0+deb12u2_all.deb c7b352409832a89cc2e848ff9a6e8e01 72584 java optional tomcat10-admin_10.1.34-0+deb12u2_all.deb 6ce81bdd2d9ab3e531c286c9c2857e30 66692 java optional tomcat10-common_10.1.34-0+deb12u2_all.deb d782a01e9ed5d32b7f5282a81afed15d 1239312 doc optional tomcat10-docs_10.1.34-0+deb12u2_all.deb 332b148ac2efa878997697aba3325605 392956 java optional tomcat10-examples_10.1.34-0+deb12u2_all.deb 06b4e16ef13d17bb95abc22cdcc8da43 38616 java optional tomcat10-user_10.1.34-0+deb12u2_all.deb 80390e7595cb1e806fd5d156960bc7d9 16242 java optional tomcat10_10.1.34-0+deb12u2_all-buildd.buildinfo e0a4b15b65cb16d6f0d2d3d802c3a0e0 42348 java optional tomcat10_10.1.34-0+deb12u2_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEaPzFtKPtF0JrKPV5iZlfn74WV6kFAmfsuMwACgkQiZlfn74W V6lZCxAArQsN3Nh5ZsXAzrye2nIOjBm+oWJLnOfu22ZVJbh7Y52EVc/0LfK5ePbS 8JrJpmy8cRHKOO0+YvDCZQ5PtSsbwDwxo368gdKJ1UGIdFkcufQ9G4I0ocz8BqdD wEU6GMM1b4W2xYiwVkseXJeXivWKFYx02BSa+Jzt+xPmYprnvT/TiFliICu/7fvL UTo1BCPzg29AaEDGKk3hMng4fl+EixFI9ERFG3fJ+72ptY/dtseN0ftpO05kqc3c X6hYCCTbM6f0KT1+xHLwLCt+7mSVGyZeNkYEwvQaD3UV4L64c9JifRsTRIdDfdfo bVKJCcwT4opU8s0hA9QlViEXnfhNQRwTgrPoYc9n41AMKnZzdqczynfHoPm1XyHo 6xknO7LzDT8XsY73Hi6ZpWHzX5Gddmf0N25GftmfdRXqqNGwJhSV/9P0UdeLOUfW sv7nwtIAAps8++em+32aNoa9+UWBiRpJpU7GS9+JZqkK3gKMkQHRJvmRPb/HWOXJ hcCnyr7LrL+2blddARwGrU83ODkNiDLHq0tnH7XwIOMKQXzd1ZKj+LsS0zWA6EK/ 6QdsVu2hQolJa3VAe6B1bQrh+olOlAXqWUfoJjVU8lWO5eDdfTk45I/VVn3SfX72 HajJ7ncpENzV7fO96bE3GGxdTEHdn/4tUckidF5FjHcrUG46MFc= =OaTG -----END PGP SIGNATURE-----