Bug#695251: tomcat7: CVE-2012-4431 CVE-2012-4534 CVE-2012-3546
tony mancill
tmancill at debian.org
Sat Dec 8 05:19:30 UTC 2012
retitle 695251 tomcat7: CVE-2012-4431 CVE-2012-3546
thanks
On 12/05/2012 11:49 PM, Moritz Muehlenhoff wrote:
> Package: tomcat7
> Severity: grave
> Tags: security
> Justification: user security hole
>
> New security issues in Tomcat have been disclosed:
> http://tomcat.apache.org/security-7.html
I am retitling this bug as the fix for CVE-2012-4534 is already included
in upstream release 7.0.28. See the upstream bug report 52858 [1]. I
also verified the affected source file and there's nothing to patch.
The other 2 CVEs are not yet addressed in 7.0.28.
Thank you,
tony
[1] https://issues.apache.org/bugzilla/show_bug.cgi?id=52858
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 900 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20121207/510fb656/attachment.pgp>
More information about the pkg-java-maintainers
mailing list