[Secure-testing-team] Bug#692439: tomcat6: CVE-2012-2733 CVE-2012-3439
Moritz Muehlenhoff
jmm at inutil.org
Tue Nov 6 10:37:21 UTC 2012
Package: tomcat6
Severity: grave
Tags: security
Justification: user security hole
Please see http://tomcat.apache.org/security-6.html
Since Wheezy is frozen, please apply isolated security fixes and do not update
to a new upstream release.
BTW, is it really necessary to have both tomcat6 and tomcat7 in Wheezy? Shouldn't
tomcat6 be dropped in favour of tomcat7?
Cheers,
Moritz
More information about the Secure-testing-team
mailing list