Re: Tomcat 6 security vulnerabilities in Wheezy
On Wed, Mar 16, 2016 at 02:21:06PM +0100, Markus Koschany wrote:
> Am 14.03.2016 um 23:06 schrieb Moritz Mühlenhoff:
> > On Sat, Feb 27, 2016 at 11:45:45PM +0100, Markus Koschany wrote:
> >> Hi,
> >> as you know Tomcat 6 is affected by new security vulnerabilities that
> >> are fixed in version 6.0.45. Do you want me to replace the last version
> >> I sent to you regarding Wheezy with this one or shall I upload version
> >> 6.0.41 instead, which is more tested, and prepare another upload
> >> afterwards. I wouldn't mind this incremental approach but I could also
> >> merge 6.0.45 into Wheezy right now.
> > Sorry for the late reply. Let's move to 6.0.45 rightaway.
> I have uploaded 6.0.45 to security-master just now. I'm attaching the
> debdiff that shows the differences between the version in squeeze-lts
> and this one.
Thanks for preparing the update. All my tests were fine, I'll release the
DSA tomorrow (or rather later the day by now).