On 2010-07-25 14:11, Niels Thykier wrote:
> Hi
>
> As the subject suggests I am considering to do a stable upload of
> tomcat5.5. I intend to fix:
> #589864 - Missing security policy prevents proper logging ...
> #532366 - Various Security issues
> #576261 - missing dependency declaration on a JDK
>
> I had a short look at some of the other bugs, but decided to go only
> with these. If you think other bugs should be fixed by this upload,
> please let me know - though please be prepared to justify it and create
> a patch for it.
> On a related note, if anyone has started on this process or wants to
> help (e.g. with testing), please let me know so we can coordinate this.
>
> As for the rest of the bugs filed against tomcat5.5, I intend to mark
> them as wontfix and close them "in unstable"[1], since we have removed
> tomcat5.5 from unstable and testing.
>
> I will query the security team + the release team about this and since
> they have the final say, I cannot guarantee that all the bugs listed
> will be closed.
> I will write back to the debian-java list once I got more information.
>
> ~Niels
>
> NB: This email has been BCC'ed to the bugs in question and their
> submitters + posters (except for people I know are subscribed to this
> list).
> If you receive this email per BCC and want to be notified about the
> progress, ping me and I will put you in CC with my next email.
>
> [1] Making them as "fixed" in 5.5.26-5+rm.
>
Hey

I heard from the security team and they would like to do a security
upload.

Already reported:
CVE-2008-5515 [P] CVE-2009-0033 [P] CVE-2009-0580 [P] CVE-2009-0781 [*] CVE-2009-0783

Additional problems to fix:
CVE-2010-2227 CVE-2010-1157 [*] CVE-2010-2902 CVE-2009-2693

I will write back when I am done with a request for review of the
patches.

~Niels

[*] Low impact security bug or/and only affects examples.
[P] Generated patch for it with help from:
    http://tomcat.apache.org/security-5.html