On Mon, 2022-11-14 at 16:00 +0000, Brad Turnbough wrote:
> Can someone look into getting this package updated in order to resolve
> this vulnerability?

Hi,

why should a release model distro, especially a long term support release model distro, update to another software version? This doesn't make much sense. Maybe a security fix was already backported, maybe not.

What vulnerabilities were mentioned by your snake oil scan?

Without having it installed on my machine, just doing a 1 minute Internet search, "Denial of Service" was found several times for Ubuntu related to Tomcat. Maybe it's a vulnerability that is already fixed?

"[...]* SECURITY UPDATE: TLS Denial of Service
diff -Nru tomcat9-9.0.31/debian/logrotate.template tomcat9-
9.0.31/debian/logrotate.template
[...]" - http://launchpadlibrarian.net/618600500/tomcat9_9.0.31-1ubuntu0.2_9.0.31-1ubuntu0.3.diff.gz

"[...] leading to a denial of service [...]"
https://bugs.launchpad.net/ubuntu/+source/tomcat9/+bug/1888848
https://ubuntu.com/security/notices/USN-4596-1

The changelog is installed on your machine, you can simply grep the changelog for "Denial" and related terms, you don't even need to do the research on the Internet.

Regards,
Ralf

--
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
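
The changelog check suggested in the message above, as an added example that is not part of the original mail: a shell function that reads a Debian-format changelog on stdin and prints every matching line prefixed with the package version whose entry contains it, so a backported fix can be tied to the installed version. The function names, the default search pattern and the sample changelog (including its placeholder CVE id) are constructed for illustration; `/usr/share/doc/<package>/changelog.Debian.gz` is the usual location of the installed changelog.

```shell
#!/bin/sh
# Added example: find security-related entries in a Debian-format changelog.
# Usage on a real system (path is the usual Debian/Ubuntu location):
#   gzip -cd /usr/share/doc/<package>/changelog.Debian.gz | security_entries

# security_entries [PATTERN]
# Reads changelog text on stdin. PATTERN is an extended regex, matched
# case-insensitively (it is lowercased, so write character classes in lowercase).
security_entries() {
    pattern=${1:-'CVE-[0-9]+-[0-9]+|denial of service|SECURITY UPDATE'}
    awk -v pat="$pattern" '
        BEGIN { pat = tolower(pat) }
        # Entry header: "package (version) distribution; urgency=..."
        /^[a-z0-9][a-z0-9+.-]* \(/ {
            ver = $2
            gsub(/[()]/, "", ver)   # "(1.0-1ubuntu0.2)" -> "1.0-1ubuntu0.2"
            next
        }
        # Any other line that matches is reported under the current version.
        tolower($0) ~ pat {
            line = $0
            sub(/^[ \t]+/, "", line)
            print ver ": " line
        }'
}

# Constructed sample changelog: hypothetical package, placeholder CVE id.
sample_changelog() {
    cat <<'EOF'
examplepkg (1.0-1ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: TLS Denial of Service
    - debian/patches/CVE-0000-0001.patch: placeholder patch name.
    - CVE-0000-0001

 -- Example Maintainer <maint@example.com>  Mon, 01 Jan 2001 00:00:00 +0000

examplepkg (1.0-1ubuntu0.1) focal; urgency=medium

  * Fix logrotate template permissions.

 -- Example Maintainer <maint@example.com>  Mon, 01 Jan 2001 00:00:00 +0000
EOF
}

# Demonstration on the constructed sample.
sample_changelog | security_entries
```

Compare the versions it reports against the installed one from `dpkg-query -W <package>`: a scanner that only compares upstream version numbers will not see a fix that was backported into the distribution's package revision.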