Re: Tomcat 5.5 Vulnerabilities

To: debian-user@lists.debian.org
Subject: Re: Tomcat 5.5 Vulnerabilities
From: Camaleón <noelamac@gmail.com>
Date: Wed, 30 Mar 2011 19:17:13 +0000 (UTC)
Message-id: <[🔎] pan.2011.03.30.19.17.13@gmail.com>
References: <[🔎] 7E30D8226BA9A6409900813063AF50AF72CD38@WIN03.ad.deltamanagement.se>

On Wed, 30 Mar 2011 09:08:04 +0000, Johan Karlsson wrote:

> I'm trying to figure the Tomcat 5.5 Security Update that was announced
> on the security list earlier today:
> 
> -----------------------------
> Package        : tomcat5.5
> Vulnerability  : several
> Problem type   : remote
> Debian-specific: no
> CVE ID         : CVE-2008-5515 CVE-2009-0033 CVE-2009-0580 CVE-2009-0781
> CVE-2009-0783 CVE-2009-2693 CVE-2009-2902 CVE-2010-1157 CVE-2010-2227

(...)

> I searched for "tomcat" in my Debian security list mail folder and the
> previous Tomcat 5.5 Debian security announcement was on 2008-06-09.
> 
> So.. everything points to Tomcat 5.5 being unpached in Debian for 3
> years now, despite several more or less severe security vulnerabilities
> (several are classified as "important" on the Apache Tomcat site). Can
> this really be true?

It looks a bit strange, yep :-?

I would ask in debian security mailing list about this matter:

http://lists.debian.org/debian-security/

Greetings,

-- 
Camaleón

Reply to:

References:
- Tomcat 5.5 Vulnerabilities
  - From: Johan Karlsson <johan.karlsson@deltamanagement.se>

Prev by Date: Re: SIGTERM received when installing Nvidia driver
Next by Date: Re: Console news aggregator: snownews with atom2rss
Previous by thread: Tomcat 5.5 Vulnerabilities
Next by thread: mailbox file permissions and timestamps
Index(es):
- Date
- Thread