Re: Tomcat 6 security vulnerabilities in Wheezy

To: "team@security.debian.org" <team@security.debian.org>
Cc: "debian-java@lists.debian.org" <debian-java@lists.debian.org>
Subject: Re: Tomcat 6 security vulnerabilities in Wheezy
From: Markus Koschany <apo@debian.org>
Date: Sat, 27 Feb 2016 23:45:45 +0100
Message-id: <[🔎] 56D22719.5020003@debian.org>
In-reply-to: <[🔎] 56C9F70A.7050601@debian.org>
References: <[🔎] 56C5CB0C.8040400@debian.org> <[🔎] 56C5FAF0.80801@apache.org> <[🔎] 56C5FE41.9020603@debian.org> <[🔎] 20160218194601.GA2305@pisco.westfalen.local> <[🔎] 56C9F70A.7050601@debian.org>

Hi,

as you know Tomcat 6 is affected by new security vulnerabilities that
are fixed in version 6.0.45. Do you want me to replace the last version
I sent to you regarding Wheezy with this one or shall I upload version
6.0.41 instead, which is more tested, and prepare another upload
afterwards. I wouldn't mind this incremental approach but I could also
merge 6.0.45 into Wheezy right now.

The update for Jessie should be straight forward because src:tomcat6
only builds the unaffected servlet API, so we just need to replace the
upstream sources.

Regards,

Markus

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

References:
- Tomcat 6 security vulnerabilities in Wheezy
  - From: Markus Koschany <apo@debian.org>
- Re: Tomcat 6 security vulnerabilities in Wheezy
  - From: Emmanuel Bourg <ebourg@apache.org>
- Re: Tomcat 6 security vulnerabilities in Wheezy
  - From: Markus Koschany <apo@debian.org>
- Re: Tomcat 6 security vulnerabilities in Wheezy
  - From: Moritz Mühlenhoff <jmm@inutil.org>
- Re: Tomcat 6 security vulnerabilities in Wheezy
  - From: Markus Koschany <apo@debian.org>

Prev by Date: Re: jb_build with "-source 8" ignored
Next by Date: Re: bsh (BeanShell) security vulnerability (CVE-2016-2510)
Previous by thread: Re: Tomcat 6 security vulnerabilities in Wheezy
Next by thread: bsh (BeanShell) security vulnerability (CVE-2016-2510)
Index(es):
- Date
- Thread