Hi, According to [1] Tomcat 6 in Wheezy is still affected by a couple of security vulnerabilities that were already fixed in Squeeze-LTS and Jessie. Would it be sensible to apply the same changes (backporting the 6.0.41 release to Wheezy too) or are there any reasons why this has not been done before? Has anybody spoken with the Security Team about Tomcat security updates in general? Do they approve of backporting newer upstream releases? Regards, Markus [1] https://security-tracker.debian.org/tracker/source-package/tomcat6
Attachment:
signature.asc
Description: OpenPGP digital signature