[DSA 2160-1] tomcat6 security update

To: debian-security@lists.debian.org
Subject: [DSA 2160-1] tomcat6 security update
From: moog <moog@sysdev.oucs.ox.ac.uk>
Date: Mon, 14 Feb 2011 12:31:29 +0000
Message-id: <[🔎] 4D5920A1.7070307@sysdev.oucs.ox.ac.uk>

Hi,

DSA 2160-1 is about CVE-2010-3718, CVE-2011-0013 and CVE-2011-0534.  It says
"The oldstable distribution (lenny) is not affected by these issues."  I wonder
if that's mistaken, because <http://tomcat.apache.org/security-6.html> says:

CVE-2010-3718 ... Affects: 6.0.0-6.0.29
CVE-2011-0013 ... Affects: 6.0.0-6.0.29
CVE-2011-0534 ... Affects: 6.0.0-6.0.30

and the lenny version of tomcat6 is based on 6.0.16.

Thanks.

Reply to:

Follow-Ups:
- Re: [DSA 2160-1] tomcat6 security update
  - From: Moritz Mühlenhoff <jmm@inutil.org>

Prev by Date: Re: status of introducing security mechanisms in Debian
Next by Date: Re: [SECURITY] [DSA 2162-1] openssl security update
Previous by thread: Re: [SECURITY] [DSA-2158-1] cgiirc security update
Next by thread: Re: [DSA 2160-1] tomcat6 security update
Index(es):
- Date
- Thread