Tomcat security patch

Luciana Moreira Sa de Souza Signed by - PrivaSphere AG sign at privasphere.com
Wed Nov 11 17:01:06 UTC 2009


Hello,

I apologize if this is not the right place to send this question. If 
it is not, please point me to the correct contact person.

In light of newly discovered security threats on TLS 
(http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html), 
the current Tomcat 5.5 available for Debian lenny is vulnerable.

The Tomcat developers are currently working on a patch to allow the 
setup of the server to completely prevent TLS renegotiation. For details 
on the current discussion please look at this thread: 
http://marc.info/?t=125761336000001&r=1&w=2

I would like to know if there are any plans on integrating this patch 
into the current distribution.

Thank you and best regards,
Luciana Moreira


----------
This message has been signed by the PrivaSphere Mail Signature Service.