| Path | csiph.com!eternal-september.org!feeder.eternal-september.org!aioe.org!bofh.it!news.nic.it!robomod |
|---|---|
| From | Markus Koschany <apo@debian.org> |
| Newsgroups | linux.debian.devel.release, linux.debian.maint.java |
| Subject | Re: New oldstable-proposed-updates diff: tomcat6 6.0.45+dfsg-1~deb7u1 |
| Date | Tue, 29 Mar 2016 23:30:02 +0200 |
| Message-ID | <ri9n4-3BH-5@gated-at.bofh.it> (permalink) |
| References | <ri7Oi-2sv-25@gated-at.bofh.it> <ri7Oi-2sv-23@gated-at.bofh.it> <ri87F-2Ps-57@gated-at.bofh.it> <ri93H-3su-5@gated-at.bofh.it> |
| X-Original-To | debian-release@lists.debian.org |
| X-Mailing-List | <debian-release@lists.debian.org> archive/latest/95702 |
| List-ID | <debian-release.lists.debian.org> |
| List-URL | <https://lists.debian.org/debian-release/> |
| List-Archive | https://lists.debian.org/msgid-search/56FAF252.9010205@debian.org |
| X-Original-Cc | team@security.debian.org, debian-java@lists.debian.org |
| X-Original-Date | Tue, 29 Mar 2016 23:23:30 +0200 |
| X-Original-Message-ID | <56FAF252.9010205@debian.org> |
| X-Original-References | <E1ajWeI-0006UA-4g@franck.debian.org> <1459280870.2441.190.camel@adam-barratt.org.uk> <56FADFAC.3000904@debian.org> <20160329210107.GA18955@pisco.westfalen.local> |
| Xref | csiph.com linux.debian.devel.release:62234 linux.debian.maint.java:8969 |
Cross-posted to 2 groups.
On 29.03.2016 at 23:01, Moritz Mühlenhoff wrote:
> On Tue, Mar 29, 2016 at 10:03:56PM +0200, Markus Koschany wrote:
>> The Security Team decided to mark the issues in Jessie as no-dsa because
>> we only ship the servlet API and documentation in this release which
>> can't be affected by security vulnerabilities at all. I wouldn't mind
>> uploading the 6.0.45+dfsg-1~deb8u1 to Jessie but I think we can safely
>> ignore the version number skew in this case. All Wheezy users who update
>> to Jessie will keep 6.0.45+dfsg-1~deb7u1 for the servlet API and Jessie
>> only users will continue to use 6.0.41. They will not be placed in a
>> worse position.
>>
>> If you feel more comfortable with an updated source package in Jessie, I
>> will gladly upload this one to Jessie.
>
> I missed the wheezy > jessie version skew aspect. In that case let's also
> upgrade tomcat6 in jessie even though it's a NOP.
>
> But all those rdeps of libservlet2.5-java should really be upgraded
> to libservlet3.1-java.
>
> Cheers,
> Moritz

[putting debian-java in the loop]

I will upload a Jessie update of Tomcat 6 tomorrow. Please note that changing the rdeps of libservlet2.5-java to libservlet3.1-java is one of our goals for Stretch. [1] This is sometimes not an easy task because we also ship packages with specifications like osgi-compendium that support the Java servlet 2.5 API and above. See [2] for user-voiced concerns. I don't think that libservlet2.5-java poses any security risk, so we should safely ignore this one in the future.

Regards,

Markus

[1] https://bugs.debian.org/cgi-bin/pkgreport.cgi?users=pkg-java-maintainers@lists.alioth.debian.org;tag=libservlet2.5-java
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=801026