[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Testers needed for Tomcat security update



On Mon, Jan 30, 2012 at 01:55:57PM +0000, Dominic Hargreaves wrote:
> On Sun, Jan 29, 2012 at 01:14:20PM +0100, Moritz Mühlenhoff wrote:
> > Moritz Mühlenhoff <jmm@inutil.org> schrieb:
> > > Hi,
> > > the changes needed to secure Tomcat against the recent hash collision
> > > attack are large and instrusive. That's why we decided to update to
> > > 6.0.35 in the upcoming stable update.
> > >
> > > No breakage is expected, but we need more "beta testers" before we 
> > > can release the update. The packages can be fetched from 
> > > http://people.debian.org/~tmancill/ (6.0.35-1+squeeze1)
> > >
> > > Please send negative/positive test feedback to jmm@debian.org
> > 
> > We've received no feedback so far. In the absence of feedback, there
> > won't be a DSA.
> 
> I can try and get some testing of this done

We tested the Tomcat update on three test servers: two running bespoke
applications, and the third running a Shibboleth IdP. In all cases,
we ran Tomcat not via the init scripts provided, but via daemontools,
and we ran it using OpenJDK from squeeze.

Our tests did not find any problems with the update.

Cheers,
Dominic.

-- 
Dominic Hargreaves, Systems Development and Support Team
Computing Services, University of Oxford

Attachment: signature.asc
Description: Digital signature


Reply to: