I'm CC this message to debian-j...@l.d.o which is the right place for discussion, this is mostly an automated list.
On Wed, 2009-11-11 at 18:01 +0100, Luciana Moreira Sa de Souza Signed by - PrivaSphere AG wrote: > Hello, > > I apologize if this is not the right place to send this question to. If > it is not please point me to the correct contact person. > > In light of newly discovered security threats on TLS > (http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html), > > the current tomcat 5.5 available for debian lenny is vulnerable. > > The tomcat developers are currently working on a patch to allow the > setup of the server to completely prevent TLS renegotiation. For details > on the current discussion please look at this thread: > http://marc.info/?t=125761336000001&r=1&w=2 > > I would like to know if there are any plans on integrating this patch > into the current distribution. > > Thank you and best regards, > Luciana Moreira > > > ---------- > This message has been signed by the PrivaSphere Mail Signature Service. > _______________________________________________ > pkg-java-maintainers mailing list > pkg-java-maintain...@lists.alioth.debian.org > http://lists.alioth.debian.org/mailman/listinfo/pkg-java-maintainers -- Best regards, Adrian Perez <adrianperez....@gmail.com>
signature.asc
Description: This is a digitally signed message part
