Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > linux.debian.maint.java > #8884
| Path | csiph.com!news.freedyn.net!newsfeed.datemas.de!weretis.net!feeder4.news.weretis.net!storethat.news.telefonica.de!telefonica.de!news.panservice.it!bofh.it!news.nic.it!robomod |
|---|---|
| From | Markus Koschany <apo@debian.org> |
| Newsgroups | linux.debian.maint.java |
| Subject | Tomcat 6 security vulnerabilities in Wheezy |
| Date | Thu, 18 Feb 2016 14:50:02 +0100 |
| Message-ID | <r3x7Y-6f7-13@gated-at.bofh.it> (permalink) |
| X-Mailbox-Line | From debian-java-request@lists.debian.org Thu Feb 18 13:46:08 2016 |
| Old-Return-Path | <apo@debian.org> |
| X-Amavis-Spam-Status | No, score=-12 tagged_above=-10000 required=5.3 tests=[BAYES_00=-2, LDO_WHITELIST=-5, PGPSIGNATURE=-5, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no |
| X-Policyd-Weight | using cached result; rate: -5 |
| User-Agent | Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Icedove/38.5.0 |
| MIME-Version | 1.0 |
| Content-Type | multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="906SjQ6S1gvuVApx0vQPq8m0h5o4gJ2r7" |
| X-Sa-Exim-Scanned | No (on richard.fcube.de); SAEximRunCond expanded to false |
| X-Mailing-List | <debian-java@lists.debian.org> archive/latest/19209 |
| List-ID | <debian-java.lists.debian.org> |
| List-URL | <https://lists.debian.org/debian-java/> |
| List-Archive | https://lists.debian.org/msgid-search/56C5CB0C.8040400@debian.org |
| Approved | robomod@news.nic.it |
| Lines | 50 |
| Organization | linux.* mail to news gateway |
| Sender | robomod@news.nic.it |
| X-Original-Date | Thu, 18 Feb 2016 14:45:48 +0100 |
| X-Original-Message-ID | <56C5CB0C.8040400@debian.org> |
| Xref | csiph.com linux.debian.maint.java:8884 |
Show key headers only | View raw
[Multipart message — attachments visible in raw view] - view raw
Hi, According to [1] Tomcat 6 in Wheezy is still affected by a couple of security vulnerabilities that were already fixed in Squeeze-LTS and Jessie. Would it be sensible to apply the same changes (backporting the 6.0.41 release to Wheezy too) or are there any reasons why this has not been done before? Has anybody spoken with the Security Team about Tomcat security updates in general? Do they approve of backporting newer upstream releases? Regards, Markus [1] https://security-tracker.debian.org/tracker/source-package/tomcat6
Back to linux.debian.maint.java | Previous | Next — Next in thread | Find similar | Unroll thread
Tomcat 6 security vulnerabilities in Wheezy Markus Koschany <apo@debian.org> - 2016-02-18 14:50 +0100
Re: Tomcat 6 security vulnerabilities in Wheezy tony mancill <tmancill@debian.org> - 2016-02-18 18:10 +0100
Re: Tomcat 6 security vulnerabilities in Wheezy Emmanuel Bourg <ebourg@apache.org> - 2016-02-18 18:20 +0100
Re: Tomcat 6 security vulnerabilities in Wheezy Markus Koschany <apo@debian.org> - 2016-02-18 18:30 +0100
Re: Tomcat 6 security vulnerabilities in Wheezy Moritz Mühlenhoff <jmm@inutil.org> - 2016-02-18 20:50 +0100
Re: Tomcat 6 security vulnerabilities in Wheezy Markus Koschany <apo@debian.org> - 2016-02-21 18:50 +0100
Re: Tomcat 6 security vulnerabilities in Wheezy Markus Koschany <apo@debian.org> - 2016-02-27 23:50 +0100
Re: Tomcat 6 security vulnerabilities in Wheezy Moritz Mühlenhoff <jmm@inutil.org> - 2016-03-14 23:10 +0100
Re: Tomcat 6 security vulnerabilities in Wheezy Markus Koschany <apo@debian.org> - 2016-03-16 14:30 +0100
Re: Tomcat 6 security vulnerabilities in Wheezy Moritz Mühlenhoff <jmm@inutil.org> - 2016-03-25 00:40 +0100
csiph-web