Digging in the Apache Tomcat SVN and commit logs revealed the following 5.5.x fixes:
CVE-2008-1232: http://svn.apache.org/viewvc?rev=680947&view=rev CVE-2008-2370: http://svn.apache.org/viewvc?view=rev&revision=680949 CVE-2008-2938: http://svn.apache.org/viewvc?view=rev&revision=681065 Hopes this helps. -- Thierry Carrez Ubuntu server team -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]