Your message dated Mon, 03 Aug 2009 13:17:52 +0200
with message-id <[email protected]>
and subject line closing bugs in tomcat5
has caused the Debian Bug report #423435,
regarding CVE-2007-1858: insecure default SSL cipher configuration in Apache
Tomcat
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
423435: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=423435
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: tomcat5
Version: 5.0.30-12
Severity: normal
Tags: security
A vulnerability has been found in Tomcat:
CVE-2007-1858:
"The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31,
5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers,
including the anonymous cipher, which allows remote attackers to obtain
sensitive information or have other, unspecified impacts."
Please mention the CVE id in the changelog.
This also affects tomcat4 in sarge but I doubt a DSA is needed.
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
tomcat5 has been removed from Debian. This bug does not apply to
tomcat5.5 or tomcat6, or has already been reported or fixed there, so
I'm closing it.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkp2x2AACgkQXjXn6TzcAQkSNgCgkow5fbA2C+YIQ8Gqssma9web
2poAn25kEBL4V63t+rdrk6zAg62LvypC
=jSjY
-----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________
pkg-java-maintainers mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/pkg-java-maintainers
