
Re: Tomcat 5.5 Vulnerabilities



On Wed, 30 Mar 2011 09:08:04 +0000, Johan Karlsson wrote:

> I'm trying to figure out the Tomcat 5.5 Security Update that was announced
> on the security list earlier today:
> 
> -----------------------------
> Package        : tomcat5.5
> Vulnerability  : several
> Problem type   : remote
> Debian-specific: no
> CVE ID         : CVE-2008-5515 CVE-2009-0033 CVE-2009-0580 CVE-2009-0781
> CVE-2009-0783 CVE-2009-2693 CVE-2009-2902 CVE-2010-1157 CVE-2010-2227

(...)

> I searched for "tomcat" in my Debian security list mail folder and the
> previous Tomcat 5.5 Debian security announcement was on 2008-06-09.
> 
> So.. everything points to Tomcat 5.5 being unpatched in Debian for 3
> years now, despite several more or less severe security vulnerabilities
> (several are classified as "important" on the Apache Tomcat site). Can
> this really be true?

It looks a bit strange, yep :-?

I would ask on the Debian security mailing list about this matter:

http://lists.debian.org/debian-security/

Greetings,

-- 
Camaleón

