svn commit: r882369 - /tomcat/tc5.5.x/trunk/STATUS.txt

Thu, 19 Nov 2009 16:50:45 -0800 

Author: markt
Date: Fri Nov 20 00:50:20 2009
New Revision: 882369

URL: http://svn.apache.org/viewvc?rev=882369&view=rev
Log:
Propose alternative fix

Modified:
    tomcat/tc5.5.x/trunk/STATUS.txt

Modified: tomcat/tc5.5.x/trunk/STATUS.txt
URL: 
http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/STATUS.txt?rev=882369&r1=882368&r2=882369&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/STATUS.txt (original)
+++ tomcat/tc5.5.x/trunk/STATUS.txt Fri Nov 20 00:50:20 2009
@@ -250,4 +250,11 @@
   http://people.apache.org/~markt/patches/2009-11-17-cookie-allow-equals.patch
   +1: markt
   -1: 
-  
\ No newline at end of file
+
+* Alternative fix for CVE-2009-3555 SSL MITN
+  The current patch uses an async callback to close the socket. It is
+  technically possible an attack may suceed before the socket is closed
+  The new patch only logs failed server initiated negotiations 
+  http://people.apache.org/~markt/patches/2009-11-20-cve2009-3555-v2.patch
+  +1: markt
+  -1: 



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to