On Wed, 30 Mar 2011 09:08:04 +0000, Johan Karlsson wrote:

> I'm trying to figure the Tomcat 5.5 Security Update that was announced
> on the security list earlier today:
>
> -----------------------------
> Package : tomcat5.5
> Vulnerability : several
> Problem type : remote
> Debian-specific: no
> CVE ID : CVE-2008-5515 CVE-2009-0033 CVE-2009-0580 CVE-2009-0781
> CVE-2009-0783 CVE-2009-2693 CVE-2009-2902 CVE-2010-1157 CVE-2010-2227

(...)

> I searched for "tomcat" in my Debian security list mail folder and the
> previous Tomcat 5.5 Debian security announcement was on 2008-06-09.
>
> So.. everything points to Tomcat 5.5 being unpatched in Debian for 3
> years now, despite several more or less severe security vulnerabilities
> (several are classified as "important" on the Apache Tomcat site). Can
> this really be true?

It looks a bit strange, yep :-?

I would ask on the Debian security mailing list about this matter:

http://lists.debian.org/debian-security/

Greetings,

-- 
Camaleón