Package: tomcat6 Severity: grave Tags: security Justification: user security hole
Please see http://tomcat.apache.org/security-6.html Since Wheezy is frozen, please apply isolated security fixes and do not update to a new upstream release. BTW, is it really necessary to have both tomcat6 and tomcat7 in Wheezy? Shouldn't tomcat6 be dropped in favour of tomcat7? Cheers, Moritz __ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.