-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4835-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
January 22, 2021                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tomcat9
CVE ID         : CVE-2020-13943 CVE-2020-17527

Two vulnerabilities were discovered in the Tomcat servlet and JSP
engine, which could result in information disclosure.

For the stable distribution (buster), these problems have been fixed in
version 9.0.31-1~deb10u3.

We recommend that you upgrade your tomcat9 packages.

For the detailed security status of tomcat9 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/tomcat9

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmALHM4ACgkQEMKTtsN8
TjbyVhAAsRMdG5035DP9mdfaw5st0w7DBICe6XmZJyM3aHGZCVpH0zXaPEVcI/xn
oGiTZTPFiBbS3VpaUSREzCIolNov/wVm9Izly+HYHufVnNRTnd7H9DRL5h72jcjL
SiyPNLKtN9xlm/2rzOwyAnNrqw/CSzr4jSsJ0Q25cHuwlJzIOap2uBFx6yELgktK
EyfN9yPgQXVa46DVPnOWDocO/DjRbILfP3QRHZ9yITNtxfde/KUOi5kpznWDiYV9
FD4CUN/0/PKS8391oa7upMOaYQSnyi/l70kKlQle03f0/5zMMs13TU7kttyYJ+2L
qWQaWcnCDC+CxmvLZYkOEbp+hspJpSkJev3pMCeoPzEGzVPP7ELI92niq4XBZAvv
Q09tmQ2XjDw6T78oSGk+iaWWKyxjvIlFOvGPANR1yXp78p7abegJvDDXcFRCEQc/
OCMf8FUjIOCkXjEZNugbEyhD0W/jScqi22d7oPMaslmBBbnd/XGJvfMRS2VXQkBk
yzMdqfgEwLMzKMcHw3ZzhKaw1zARbJ4r3imohUc+nrw+0r+tOdqxT3geRTMFgXLI
rOMxlbSYTSJFb90uVIH73NsERbjr1BqufK2zG2hbnmFA5KG3Tq+kuEwkCxVYdc5C
JBy5onP64pXnlZZKQfDZ7rc5n5BCAceVaJebBLW1oEXlA8ivooU=
=AUbU
-----END PGP SIGNATURE-----