Package: tomcat5 Version: 5.0.30-12 Severity: normal Tags: security A vulnerability has been found in Tomcat:
CVE-2007-1858: "The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts." Please mention the CVE id in the changelog. This also affects tomcat4 in sarge but I doubt a DSA is needed. _______________________________________________ pkg-java-maintainers mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/pkg-java-maintainers
