moog <[email protected]> schrieb:
> Hi,
>
> DSA 2160-1 is about CVE-2010-3718, CVE-2011-0013 and CVE-2011-0534. It says
> "The oldstable distribution (lenny) is not affected by these issues." I
> wonder
> if that's mistaken, because <http://tomcat.apache.org/security-6.html> says:
>
> CVE-2010-3718 ... Affects: 6.0.0-6.0.29
> CVE-2011-0013 ... Affects: 6.0.0-6.0.29
> CVE-2011-0534 ... Affects: 6.0.0-6.0.30
>
> and the lenny version of tomcat6 is based on 6.0.16.
The Lenny package of tomcat6 only provides a subset of the Tomcat package
and is thus not affected.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive: http://lists.debian.org/[email protected]
