Path: csiph.com!aioe.org!bofh.it!news.nic.it!robomod
From: Markus Koschany <apo@debian.org>
Newsgroups: linux.debian.maint.java
Subject: Re: Tomcat 6 security vulnerabilities in Wheezy
Date: Sat, 27 Feb 2016 23:50:01 +0100
Message-ID: <r6VQt-1fb-1@gated-at.bofh.it>
References: <r3x7Y-6f7-13@gated-at.bofh.it> <r3Apc-pQ-11@gated-at.bofh.it> <r3AyS-uN-9@gated-at.bofh.it> <r3CKn-23z-27@gated-at.bofh.it> <r4GiT-12G-47@gated-at.bofh.it>
X-Mailbox-Line: From debian-java-request@lists.debian.org  Sat Feb 27 22:46:01 2016
Old-Return-Path: <apo@debian.org>
X-Amavis-Spam-Status: No, score=-12 tagged_above=-10000 required=5.3 tests=[BAYES_00=-2, LDO_WHITELIST=-5, PGPSIGNATURE=-5, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
X-Policyd-Weight: using cached result; rate: -5
X-Enigmail-Draft-Status: N1110
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Icedove/38.6.0
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="qVEoGsUqUgHLTW6VIjvSqWsdnLUojmLcC"
X-Sa-Exim-Scanned: No (on richard.fcube.de); SAEximRunCond expanded to false
X-Mailing-List: <debian-java@lists.debian.org> archive/latest/19229
List-ID: <debian-java.lists.debian.org>
List-URL: <https://lists.debian.org/debian-java/>
List-Archive: https://lists.debian.org/msgid-search/56D22719.5020003@debian.org
Approved: robomod@news.nic.it
Lines: 49
Organization: linux.* mail to news gateway
Sender: robomod@news.nic.it
X-Original-Cc: "debian-java@lists.debian.org" <debian-java@lists.debian.org>
X-Original-Date: Sat, 27 Feb 2016 23:45:45 +0100
X-Original-Message-ID: <56D22719.5020003@debian.org>
X-Original-References: <56C5CB0C.8040400@debian.org> <56C5FAF0.80801@apache.org> <56C5FE41.9020603@debian.org> <20160218194601.GA2305@pisco.westfalen.local> <56C9F70A.7050601@debian.org>
Xref: csiph.com linux.debian.maint.java:8904

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--qVEoGsUqUgHLTW6VIjvSqWsdnLUojmLcC
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hi,

as you know Tomcat 6 is affected by new security vulnerabilities that
are fixed in version 6.0.45. Do you want me to replace the last version
I sent to you regarding Wheezy with this one or shall I upload version
6.0.41 instead, which is more tested, and prepare another upload
afterwards. I wouldn't mind this incremental approach but I could also
merge 6.0.45 into Wheezy right now.

The update for Jessie should be straight forward because src:tomcat6
only builds the unaffected servlet API, so we just need to replace the
upstream sources.

Regards,

Markus


--qVEoGsUqUgHLTW6VIjvSqWsdnLUojmLcC
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQJ8BAEBCgBmBQJW0icZXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQTgzNUZE
OUFEMTRCOTUxM0I1MUU0AAoJENmtFLlRO1HkOa0P/3lbB9k6xqpLL8ATHAyvCn8y
NdJG8XrruRA2VxW+EjCpSg2fYMraGOFP5LYv/rtGAfd466bBgUv/cDCprIxKXXlY
OldCMOe9lT4X0KibSzODK3UCjvsjSFpR30/BD5d1dY9ug8dPLABP7kTeoIjpFfhN
GIDPSsJ9mpr/HzaOHPX64bcfSpJuomKiLzUi77zlDfNbRjO/FmDNHbm+mVHZ7DTO
oH/fn3YIST7P2RzB0zQPTWwF2+0x0I305u8hUKma6+AkGVb3sMzSeSx+H9POb7rt
gDZxG3zFH+N8XOEy1WHI2aWpZMLPA8Q7Uxe9R7YQTtNjh7kA/c1SWTEZodt8SFYp
7QCU3tvlCvgFCcUzO78PjgSmVaRQjdXqfUBaDABScBFJpG2+L1lcgnjkKqcEHD4j
AGcuTOAonYcZF02SRQjcRe9uDu6kRTiyb7vK8qgqi3g2LVYc0om1WA0m/V1Wr+Ie
kYxTX2UYXCQY5ZIKLanXsFmYB3jGLTQM3KnVF3KtN2K26sHR80it2BBVzi02oG+7
911VtbNd7pJzFq8RGgdyCIyDGiVGevoP54y8Knd03de2fDCe05nZHVWUNtgbPBi/
J7TWYOEnclOXe1Z6lX5ci5MgpMIn1/0Xns+cHwjA5GarTRGg4UC6BQSWg/xvyIdh
11JpTabJzRZFqluQ9t9v
=HM7T
-----END PGP SIGNATURE-----

--qVEoGsUqUgHLTW6VIjvSqWsdnLUojmLcC--