Bug#692440: marked as done (tomcat7: CVE-2012-2733 CVE-2012-3439)

[Debian Bug Tracking System]

Your message dated Sun, 18 Nov 2012 06:02:46 +0000
with message-id <e1tzxxu-0004he...@franck.debian.org>
and subject line Bug#692440: fixed in tomcat7 7.0.28-3+nmu1
has caused the Debian Bug report #692440,
regarding tomcat7: CVE-2012-2733 CVE-2012-3439
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
692440: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692440
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: tomcat7
Severity: grave
Tags: security
Justification: user security hole

Please see http://tomcat.apache.org/security-7.html

Since Wheezy is frozen, please apply isolated security fixes instead
of updating to a new upstream release.

Cheers,
        Moritz

--- End Message ---

--- Begin Message ---

Source: tomcat7
Source-Version: 7.0.28-3+nmu1

We believe that the bug you reported is fixed in the latest version of
tomcat7, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 692...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Gilbert <mgilb...@debian.org> (supplier of updated tomcat7 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 18 Nov 2012 01:40:30 +0000
Source: tomcat7
Binary: tomcat7-common tomcat7 tomcat7-user libtomcat7-java libservlet3.0-java 
libservlet3.0-java-doc tomcat7-admin tomcat7-examples tomcat7-docs
Architecture: source all
Version: 7.0.28-3+nmu1
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers 
<pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: Michael Gilbert <mgilb...@debian.org>
Description: 
 libservlet3.0-java - Servlet 3.0 and JSP 2.2 Java API classes
 libservlet3.0-java-doc - Servlet 3.0 and JSP 2.2 Java API documentation
 libtomcat7-java - Servlet and JSP engine -- core libraries
 tomcat7    - Servlet and JSP engine
 tomcat7-admin - Servlet and JSP engine -- admin web applications
 tomcat7-common - Servlet and JSP engine -- common files
 tomcat7-docs - Servlet and JSP engine -- documentation
 tomcat7-examples - Servlet and JSP engine -- example web applications
 tomcat7-user - Servlet and JSP engine -- tools to create user instances
Closes: 692440
Changes: 
 tomcat7 (7.0.28-3+nmu1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Fix cve-2012-3439: multiple replay attack issues in digest authentication.
     (closes: #692440)
Checksums-Sha1: 
 e6c4534bafc8e50dbff9e0e9bcac4a5b4a3a5692 3330 tomcat7_7.0.28-3+nmu1.dsc
 3791505c61cd6f357cd3e99b2f87c1d619d76e20 50118 
tomcat7_7.0.28-3+nmu1.debian.tar.gz
 071d2cddbfbb71ca49fbdd0d859704e420e62ac5 61906 
tomcat7-common_7.0.28-3+nmu1_all.deb
 81804f7d087eec44f2e40fa96db04fdda9b164c1 49206 tomcat7_7.0.28-3+nmu1_all.deb
 c65e95a8581caed3a0a079bdd9f8629675db2a61 37348 
tomcat7-user_7.0.28-3+nmu1_all.deb
 d330e247a33486c0a79462cbef81672f157c40a8 3502208 
libtomcat7-java_7.0.28-3+nmu1_all.deb
 fb070975386e93cf841dab3c84fcb44324bfe46a 303420 
libservlet3.0-java_7.0.28-3+nmu1_all.deb
 38b345eba0dfa770bd5f3810ec442235306d5e06 299764 
libservlet3.0-java-doc_7.0.28-3+nmu1_all.deb
 deb8b9025f4a21014bda8ef6c5c9390774f0fd7c 50094 
tomcat7-admin_7.0.28-3+nmu1_all.deb
 834bbaec8b2766e5ff4168eab1adcf4389b91921 201220 
tomcat7-examples_7.0.28-3+nmu1_all.deb
 6ad12e37a8c0e55b0c4012e47333e0bc01132643 649026 
tomcat7-docs_7.0.28-3+nmu1_all.deb
Checksums-Sha256: 
 624c832bfa698cd315f88b89053ced82e3c88d709d89beb1a85f52564b3457fb 3330 
tomcat7_7.0.28-3+nmu1.dsc
 4b4cb803b3cff3b65ba4fca965f8fe4df8db2fe50ae18d2d47fa8fe8e48a04d5 50118 
tomcat7_7.0.28-3+nmu1.debian.tar.gz
 054751719d2c8da631c3cb5a78f64cf1c31e139160a309c1a9e13b13c0eb9aa9 61906 
tomcat7-common_7.0.28-3+nmu1_all.deb
 a8a20a62c00ab4bb80e320b4365895dedfd958d4e51079c353f068c645939a47 49206 
tomcat7_7.0.28-3+nmu1_all.deb
 9382e29065378fd6d35aab28cc827fe3282bc921aa5764b7e01991a540f85da2 37348 
tomcat7-user_7.0.28-3+nmu1_all.deb
 8830844109b0995d36c4cc96ecefa42169cf234cd345af2b4b1b4a3cbed38497 3502208 
libtomcat7-java_7.0.28-3+nmu1_all.deb
 24d81a69b592ef34399498c023c25c1edc571f8cdf68e3baa6d6579d871c4722 303420 
libservlet3.0-java_7.0.28-3+nmu1_all.deb
 079a7d37e3edb7ea78e13937305ba5ccee7188687bef87a07294dc93408c2574 299764 
libservlet3.0-java-doc_7.0.28-3+nmu1_all.deb
 9b86a3154b2723232f69c374fc1de8537eaab862781ce8cccd0890ae8e056a1a 50094 
tomcat7-admin_7.0.28-3+nmu1_all.deb
 d5049ef988da5790c70284fa7bffc71c8c31d3b25940b043176e5bb4f669c8e8 201220 
tomcat7-examples_7.0.28-3+nmu1_all.deb
 d39b3fa56b69b6df7e4afb91f77263d63c0b298d36c58be9f1b7f318063f1039 649026 
tomcat7-docs_7.0.28-3+nmu1_all.deb
Files: 
 dd544b4852230fc8f9b773325b48952e 3330 java optional tomcat7_7.0.28-3+nmu1.dsc
 8d2fe397a1cf831e353ae99227ec4275 50118 java optional 
tomcat7_7.0.28-3+nmu1.debian.tar.gz
 524ef3fb9e3a4bb2459bd0f94ad2fdf7 61906 java optional 
tomcat7-common_7.0.28-3+nmu1_all.deb
 a800f7562dd5d06c0ff75c830b745faf 49206 java optional 
tomcat7_7.0.28-3+nmu1_all.deb
 3a19304a888ddb37c976546228a8b985 37348 java optional 
tomcat7-user_7.0.28-3+nmu1_all.deb
 4ca51c896f95dd6c4444d7751598ba52 3502208 java optional 
libtomcat7-java_7.0.28-3+nmu1_all.deb
 c53e2ac31d9f0b0dd1914e7032e962ca 303420 java optional 
libservlet3.0-java_7.0.28-3+nmu1_all.deb
 52fc5e1b9d85c6cd7782f9aa0d58f8f3 299764 doc optional 
libservlet3.0-java-doc_7.0.28-3+nmu1_all.deb
 d845a35619527818fa6e3e1b1c5fbef1 50094 java optional 
tomcat7-admin_7.0.28-3+nmu1_all.deb
 eed814f4a21fbb5e2d74278f45d7ccfb 201220 java optional 
tomcat7-examples_7.0.28-3+nmu1_all.deb
 9599ce001306e8646e9c11e194bf783a 649026 doc optional 
tomcat7-docs_7.0.28-3+nmu1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQQcBAEBCAAGBQJQqHfxAAoJELjWss0C1vRzAr0f/1HUj1Yy3nMuwYBsCmOGSjfp
A34D/WvsZbjFtaYG3vJwy76rHR+bAIWE9YXQ3aWTcq1ic0kxxGiHMsctMgxqzVsR
oqkcCsffYfNo9ckYbPgyhqf8RaQLvLI5DoMxuTBHR/J4eQYKVKue097idBTiSYGY
+IOsUW4DScreFixpCFus+bMNTGO6bv7EFP7WYOIZOrBDBSucSxwKHNuabLXMdKlw
4V/nkvO3l8dg6q+wzPlij6s0gYwvhYO/H9yZyQhtqfwBlRXTd4BIbtx0EwGCXZJ7
itsvwiIU4h6QAOxMnX2HMvCIuU2twFIMLAdoauIrI6ALTTIhFLZbXY43Ra9QooUe
s2erHaniQTHEYSjXuVFg44r+YG4LssGgGoBghHA8LRMLK5pYK7uFn/iVG753+4za
jvS6KHnZ+oWcF1p0714RIXUUABa5uFtN3ExgsfXPUiURGZltsJAGSWy49AW/6C1Z
Bihj8n0dPDezJiMKQOuti/lvJ+u8moEWa+KtDBzQf3QhwBuUhSmQQAGWU02/RdG6
JJNXmfYxHb6Vl/J/zu5FtZVFIemkF82XOHN1jqbv4KCIg9puU1aqxK2+SVOQP32p
XMF0Hzt1a2nKoggAz2EdvUBH+Pd8LWuzSbjHhvtGtARqAWY1pKfP/DWMEyOTMk7g
eBZ30/yt7C08AphZmb0Zv47Tep4HveUzBWEzZ/8gIO5lBggeFNIfcATZKCSwE9T3
tZGTSKIH3YDmlcR7+poq/pZf9Jjl2GP4HVRPRRFchDDCglxTuFj1fZfqP15+ZLZm
/wgOm5//jQBRs5WuMWyfQMwaZmYWr9v6/qGKAv1E0kXQB16xIGC94GdLXbg/Ki85
4RR562O9VAdpKmqUJgwxUSNrgErShvkQBDK0XlE127mSmtTbaksWAhbCjaCITD36
2NHZgFXvjomP/cuIFjKDn3QisztqUkjfbfaXpYR3TQmdEp0btB+yIcSDQIvaAiU8
IHWWShgo1p3xQEXQqGjc324QjWtWIwMhRJu+nx2xdlYjMGYwSyQOxKQVYhJlAx6y
gBW9/WtgHATAAhq3oPZQRK+HA0YQnldpCTWR8j1m3NVHrpMoGOCgIniCTYXA+J37
tJG5+bmbKC/C5IZYnkXbOKL9ZuSlESJuHoFWSs4/H6sY5RsUsZgw6AGWbJYNDjWa
94k4Bq353EXEcl6hm9Bclp6+4PJX8vN/tp+gfQMMAfMyTIYvpV+2tddFFl4JuNsk
0u0Tdlmx9fqxtnLH1MUXHCpMCrajNTuSLA4SsKimidCbb2ZDVWkvrysM2lp26LXg
fFnVPA/ipo1DzY1H9O6887zsssYc7O22CqJJ+1md+pXdjNBT3U4vaVbsPAKXmtE=
=AGXp
-----END PGP SIGNATURE-----

--- End Message ---