Hi, DSA 2160-1 is about CVE-2010-3718, CVE-2011-0013 and CVE-2011-0534. It says "The oldstable distribution (lenny) is not affected by these issues." I wonder if that's mistaken, because <http://tomcat.apache.org/security-6.html> says:
CVE-2010-3718 ... Affects: 6.0.0-6.0.29 CVE-2011-0013 ... Affects: 6.0.0-6.0.29 CVE-2011-0534 ... Affects: 6.0.0-6.0.30 and the lenny version of tomcat6 is based on 6.0.16. Thanks. -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4d5920a1.7070...@sysdev.oucs.ox.ac.uk
