Debian 10261 Published by

A tomcat8 regression update has been released for Debian GNU/Linux 9 Extended LTS to address a regression introduced by the previous update.



ELA-985-2 tomcat8 regression update

Package : tomcat8
Version : 8.5.54-0+deb9u13 (stretch)

A regression was discovered in the Http2UpgradeHandler class of Tomcat 8
introduced by the patch to fix CVE-2023-44487 (Rapid Reset Attack). A wrong
value for the overheadcount variable forced HTTP2 connections to close early.

ELA-985-2 tomcat8 regression update