| Summary: | www-servers/tomcat < 6.0.14 multiple vulnerabilities (CVE-2007-338{2,5,6}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | William L. Thomson Jr. (RETIRED) <wltjr> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | java |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://secunia.com/advisories/26466/ | | |
| Whiteboard: | B4 [noglsa] | | |
| Package list: | Runtime testing required: | --- | |

Description
William L. Thomson Jr. (RETIRED)
2007-08-14 17:45:53 UTC
6.0.14 is in tree, recently requested stabilization of 6.0.13. We might rush stabilize 6.0.14. No changes to package short of upstream code modifications, which mostly seem to be bug fixes and etc.

I'll close the other two bugs since they affect the same versions. William, is it okay to call arches for stabling 6.0.14? And what about the 5.x series? Please advise.

*** Bug 188869 has been marked as a duplicate of this bug. ***

*** Bug 188868 has been marked as a duplicate of this bug. ***

(In reply to comment #2)
> I'll close the other two bugs since they affect the same versions. William, is
> it okay to call arches for stabling 6.0.14?

Yes, 6.0.14 is good to go for stabilization.

> And what about the 5.x series? Please advise.

Upstream is supposed to do a 5.5.25 release for weeks now. No clue when there will be a release. Till then 5.5.24 is affected by the issues, although they are low severity. They can not run the host manager to avoid one of the issues. The other two are a bit harder, and it's recommended all around to upgrade to 6.0.14. But some are reluctant :)

Thanks for the info. Arches, please test and mark stable www-servers/tomcat-6.0.14. Target keywords are: "amd64 ppc ppc64 x86 ~x86-fbsd"

ppc stable

Looks like they are about to tag 5.5.25 and release it finally. http://marc.info/?l=tomcat-dev&m=118798774800543&w=2

amd64 stable

(In reply to comment #9)
> amd64 stable

ppc64 stable

x86 stable, sorry for the delay, readding ppc64, you forgot dev-java/tomcat-servlet-api-6.0.14

Thanks opfer. dev-java/tomcat-servlet-api-6.0.14 stable on ppc64

This one is ready for GLSA vote. I vote NO.

Voting NO too and closing.