Antoine Beaupré writes:
> What do you think? Should we push this forward?
I am somewhat concerned that by fixing this we might be breaking
something. Even if it is 100% broken behaviour, maybe some application
depends on this?
Is the potential attack bad enough to justify potential breakage? I
On 2018-09-02 17:08:09, Brian May wrote:
> Antoine Beaupré writes:
>
>> What do you think? Should we push this forward?
>
> I am somewhat concerned that by fixing this we might be breaking
> something. Even if it is 100% broken behaviour, maybe some application
> depends on this?
>
> Is the
Package: tomcat8
Version: 8.0.14-1+deb8u13
CVE ID : CVE-2018-1336 CVE-2018-8034
Two security issues have been discovered in the Tomcat servlet and JSP
engine.
CVE-2018-1336
An improper handing of overflow in the UTF-8 decoder with
supplementary characters can lead to
Hello James,
The Debian LTS team would like to fix the security issues which are
currently open in the Jessie version of polarssl/mbedtls:
https://security-tracker.debian.org/tracker/CVE-2018-0498
https://security-tracker.debian.org/tracker/CVE-2018-0497
Would you like to take care of this