Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > linux.debian.maint.java > #12276

Re: tomcat9 in buster-backports vs. security

Show key headers only | View raw

On Tue, 10 Aug 2021, Markus Koschany wrote:

> Currently I don't plan to update the bpo version of Tomcat 9 in Buster. If you
> prefer the latest updates then I'd suggest to focus on bullseye-backports from

I think you misunderstood the intention of this request.

Packages in $version-backports have to be up-to-date wrt.
their corresponding packages from $(version+1), except
small, not very user-visible, etc. changes.

In the case of security updates, this is even more important.

The person who uploaded the first backport basically agreed
to keep the tomcat9 backport up-to-date over the lifetime of
buster-backports, that is, to approximately 14/15ᵗʰ August 2022(!).

> now on. I am not sure yet if the regression which I have fixed in
> 9.0.43-3 requires another security update for bullseye or buster at
> the moment, since an easy workaround is available and probably not
> many users are affected. I will monitor the situation though.

Right.

However, if you’re not intending to update the buster backport,
please file a removal request and inform the users (via the bpo
mailing list) about this and the extant security issues in the
version they have installed.

Thanks,
//mirabilos

ObPlug:	http://www.mirbsd.org/~tg/Debs/dists/buster/lts/Pkgs/tomcat9/
	is what I try to keep reasonably up to date. It also contains
	the sysvinit fixes. It’s built in a bullseye chroot though,
	and as such does NOT follow the bpo rules. It’s a works-for-me
	thing which one MAY use if they want, at their own risk.
-- 
Infrastrukturexperte • tarent solutions GmbH
Am Dickobskreuz 10, D-53121 Bonn • http://www.tarent.de/
Telephon +49 228 54881-393 • Fax: +49 228 54881-235
HRB AG Bonn 5168 • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg

*************************************************

Mit dem tarent-Newsletter nichts mehr verpassen: www.tarent.de/newsletter

*************************************************

Back to linux.debian.maint.java | Previous | Next — Previous in thread | Next in thread | Find similar

Thread

tomcat9 in buster-backports vs. security Thorsten Glaser <t.glaser@tarent.de> - 2021-08-10 22:10 +0200
  Re: tomcat9 in buster-backports vs. security Markus Koschany <apo@debian.org> - 2021-08-10 22:40 +0200
    Re: tomcat9 in buster-backports vs. security Thorsten Glaser <t.glaser@tarent.de> - 2021-08-10 22:50 +0200
      Re: tomcat9 in buster-backports vs. security Markus Koschany <apo@debian.org> - 2021-08-10 23:00 +0200
        Re: tomcat9 in buster-backports vs. security Thorsten Glaser <t.glaser@tarent.de> - 2021-08-22 23:00 +0200
          Re: tomcat9 in buster-backports vs. security Markus Koschany <apo@debian.org> - 2021-10-14 23:30 +0200
            Re: tomcat9 in buster-backports vs. security Alexander Wirt <formorer@formorer.de> - 2021-10-15 11:00 +0200

csiph-web