-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 01 Apr 2025 23:03:17 +0200
Source: tomcat10
Binary: libtomcat10-embed-java libtomcat10-java tomcat10 tomcat10-admin tomcat10-common tomcat10-docs tomcat10-examples tomcat10-user
Architecture: all
Version: 10.1.34-0+deb12u2
Distribution: bookworm-security
Urgency: high
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01) <buildd_amd64-x86-conova-01@buildd.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libtomcat10-embed-java - Apache Tomcat 10 - Servlet and JSP engine -- embed libraries
 libtomcat10-java - Apache Tomcat 10 - Servlet and JSP engine -- core libraries
 tomcat10   - Apache Tomcat 10 - Servlet and JSP engine
 tomcat10-admin - Apache Tomcat 10 - Servlet and JSP engine -- admin web applicatio
 tomcat10-common - Apache Tomcat 10 - Servlet and JSP engine -- common files
 tomcat10-docs - Apache Tomcat 10 - Servlet and JSP engine -- documentation
 tomcat10-examples - Apache Tomcat 10 - Servlet and JSP engine -- example web applicat
 tomcat10-user - Apache Tomcat 10 - Servlet and JSP engine -- tools to create user
Changes:
 tomcat10 (10.1.34-0+deb12u2) bookworm-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2025-24813:
     It was found that a malicious user was able to view security sensitive
     files and/or inject content into those files when writes were enabled for
     the default servlet (disabled by default) and support for partial PUT was
     enabled (default). Under certain circumstances, depending on the
     application in use, remote code execution may have been possible.
Checksums-Sha1:
 186cd613f45ddb5cd981777be22199631fa08bf0 4469076 libtomcat10-embed-java_10.1.34-0+deb12u2_all.deb
 062e559065bbd7a239aa69b9288be40e8b36f1e9 6390684 libtomcat10-java_10.1.34-0+deb12u2_all.deb
 547a814256b30d70fdd324b342a79517f12fa0b2 72584 tomcat10-admin_10.1.34-0+deb12u2_all.deb
 5554a21b46d56a22be9bbf3235a35fe65baa156d 66692 tomcat10-common_10.1.34-0+deb12u2_all.deb
 080c28a8c9c0350d01e7c90cf69be9537bbea55b 1239312 tomcat10-docs_10.1.34-0+deb12u2_all.deb
 6b31f8c025c5f390e8cd9623ea7b121ac4b3018a 392956 tomcat10-examples_10.1.34-0+deb12u2_all.deb
 af11f3f5485d7e30eeebf415f1bed19277cfdeca 38616 tomcat10-user_10.1.34-0+deb12u2_all.deb
 ff1803ec518bbbfbe852068e922f49156fc686d4 16242 tomcat10_10.1.34-0+deb12u2_all-buildd.buildinfo
 ae3ca0ddab7834d0e6971c98dab559d15490dd4a 42348 tomcat10_10.1.34-0+deb12u2_all.deb
Checksums-Sha256:
 246f69fe783720bb8b94b7d4c047a366c62cece896da7c3b77ca5dbc3c0baf11 4469076 libtomcat10-embed-java_10.1.34-0+deb12u2_all.deb
 e648b2b1f343b3bd30eab16a6e8f2955d1badc2ccb73c8ab5a168e75a7efad01 6390684 libtomcat10-java_10.1.34-0+deb12u2_all.deb
 b81b7e4cb7378015513425046d67f5b416d83efe97235fa99507d3b5e7e643d0 72584 tomcat10-admin_10.1.34-0+deb12u2_all.deb
 ed3d69bff5a1200c69de8de6ae154ff92e8711838b81242626e540140d17e6cf 66692 tomcat10-common_10.1.34-0+deb12u2_all.deb
 b03fab15899b0114de0ef4aeb6542eda733002a199f9dc6339a20c67dda4e8f5 1239312 tomcat10-docs_10.1.34-0+deb12u2_all.deb
 4ad4eb85131224a9e1ef134c84fe00dbf3b8a5c6618990806ec108e7e4e83e20 392956 tomcat10-examples_10.1.34-0+deb12u2_all.deb
 03e890029e91f9869b23b457eb3e440723eb1285ffeb6af97649a237cb9fe9fb 38616 tomcat10-user_10.1.34-0+deb12u2_all.deb
 7ac483fc3ee512889e93eade4145e8ea580a5bc521d6a388cb9055a0f1c98cb4 16242 tomcat10_10.1.34-0+deb12u2_all-buildd.buildinfo
 946d4b899079747d6560927994a69a078e39f64fa041a9bf5d141fee758d6b38 42348 tomcat10_10.1.34-0+deb12u2_all.deb
Files:
 5594bcc7323cfe64c3d3f6f3b9cc9c08 4469076 java optional libtomcat10-embed-java_10.1.34-0+deb12u2_all.deb
 56161123f688811423d4096747f5de5d 6390684 java optional libtomcat10-java_10.1.34-0+deb12u2_all.deb
 c7b352409832a89cc2e848ff9a6e8e01 72584 java optional tomcat10-admin_10.1.34-0+deb12u2_all.deb
 6ce81bdd2d9ab3e531c286c9c2857e30 66692 java optional tomcat10-common_10.1.34-0+deb12u2_all.deb
 d782a01e9ed5d32b7f5282a81afed15d 1239312 doc optional tomcat10-docs_10.1.34-0+deb12u2_all.deb
 332b148ac2efa878997697aba3325605 392956 java optional tomcat10-examples_10.1.34-0+deb12u2_all.deb
 06b4e16ef13d17bb95abc22cdcc8da43 38616 java optional tomcat10-user_10.1.34-0+deb12u2_all.deb
 80390e7595cb1e806fd5d156960bc7d9 16242 java optional tomcat10_10.1.34-0+deb12u2_all-buildd.buildinfo
 e0a4b15b65cb16d6f0d2d3d802c3a0e0 42348 java optional tomcat10_10.1.34-0+deb12u2_all.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEaPzFtKPtF0JrKPV5iZlfn74WV6kFAmfsuMwACgkQiZlfn74W
V6lZCxAArQsN3Nh5ZsXAzrye2nIOjBm+oWJLnOfu22ZVJbh7Y52EVc/0LfK5ePbS
8JrJpmy8cRHKOO0+YvDCZQ5PtSsbwDwxo368gdKJ1UGIdFkcufQ9G4I0ocz8BqdD
wEU6GMM1b4W2xYiwVkseXJeXivWKFYx02BSa+Jzt+xPmYprnvT/TiFliICu/7fvL
UTo1BCPzg29AaEDGKk3hMng4fl+EixFI9ERFG3fJ+72ptY/dtseN0ftpO05kqc3c
X6hYCCTbM6f0KT1+xHLwLCt+7mSVGyZeNkYEwvQaD3UV4L64c9JifRsTRIdDfdfo
bVKJCcwT4opU8s0hA9QlViEXnfhNQRwTgrPoYc9n41AMKnZzdqczynfHoPm1XyHo
6xknO7LzDT8XsY73Hi6ZpWHzX5Gddmf0N25GftmfdRXqqNGwJhSV/9P0UdeLOUfW
sv7nwtIAAps8++em+32aNoa9+UWBiRpJpU7GS9+JZqkK3gKMkQHRJvmRPb/HWOXJ
hcCnyr7LrL+2blddARwGrU83ODkNiDLHq0tnH7XwIOMKQXzd1ZKj+LsS0zWA6EK/
6QdsVu2hQolJa3VAe6B1bQrh+olOlAXqWUfoJjVU8lWO5eDdfTk45I/VVn3SfX72
HajJ7ncpENzV7fO96bE3GGxdTEHdn/4tUckidF5FjHcrUG46MFc=
=OaTG
-----END PGP SIGNATURE-----