Rainer Jung wrote:
Until now I didn't notice a commited fix for the cookie problem, but
Mark or Filip might comment whether there are plans to include a fix
in 5.5.25.
For CVE 3382, the fix appears to be in 5.5.x HEAD (rev 559280 and rev
557468) and 6.0.x HEAD (rev 557467) -- These checkins were committed
around July 19th. These checkins may also apply to CVE-3385 but I'm
still researching.
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/http/Cookies.java?view=log
http://svn.apache.org/viewvc/tomcat/connectors/trunk/util/java/org/apache/tomcat/util/http/Cookies.java?view=log
-John
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]