Re: Tomcat 5.5 Vulnerabilities
On Wed, 30 Mar 2011 09:08:04 +0000, Johan Karlsson wrote:
> I'm trying to figure the Tomcat 5.5 Security Update that was announced
> on the security list earlier today:
> Package : tomcat5.5
> Vulnerability : several
> Problem type : remote
> Debian-specific: no
> CVE ID : CVE-2008-5515 CVE-2009-0033 CVE-2009-0580 CVE-2009-0781
> CVE-2009-0783 CVE-2009-2693 CVE-2009-2902 CVE-2010-1157 CVE-2010-2227
> I searched for "tomcat" in my Debian security list mail folder and the
> previous Tomcat 5.5 Debian security announcement was on 2008-06-09.
> So.. everything points to Tomcat 5.5 being unpached in Debian for 3
> years now, despite several more or less severe security vulnerabilities
> (several are classified as "important" on the Apache Tomcat site). Can
> this really be true?
It looks a bit strange, yep :-?
I would ask in debian security mailing list about this matter: