Bug#737969: libtcnative-1 breaks Tomcat's 'SSLProtocols'

2015-03-13 Thread Emmanuel Bourg
Thank you for the feedback Sergio. You are right, disabling the SSLv23_* calls was a mistake, I'll fix that. Since this is a different issue I'll clone this report though. I also agree that the whole patch is no longer necessary. It was initially required to avoid a warning caused by the removal

Bug#737969: libtcnative-1 breaks Tomcat's 'SSLProtocols'

2015-03-13 Thread Emmanuel Bourg
I think the issue originally reported by Peter has been fixed in tomcat-native/1.1.32~repack-1 currently in testing and unstable. In this version the SSL_PROTOCOL_SSLV2 constant has been restored in ssl_private.h, and the SSL_PROTOCOL_ALL constant is aligned with the

Bug#780447: tomcat-native: SSLv23_* calls shouldn't be disabled

2015-03-13 Thread Emmanuel Bourg
Package: libtcnative-1 Version: 1.1.32~repack-1 Severity: serious I'm splitting this comment from Sergio Gelato in #737969 into a new issue. ---BeginMessage--- found 737969 1.1.32~repack-1 thanks I'd bump up the severity to serious if this weren't a maintainer's / release manager's prerogative.

Processed: notfound 737969 in 1.1.32~repack-1

2015-03-13 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: notfound 737969 1.1.32~repack-1 Bug #737969 [libtcnative-1] libtcnative-1 breaks Tomcat's 'SSLProtocols' No longer marked as found in versions tomcat-native/1.1.32~repack-1. thanks Stopping processing here. Please contact me if you need

Bug#737969: libtcnative-1 breaks Tomcat's 'SSLProtocols'

2015-03-13 Thread Emmanuel Bourg
The SSLv23 issue has been cloned as #780447.

Bug#780383: libopensaml2-java: CVE-2015-1796

2015-03-13 Thread Salvatore Bonaccorso
Source: libopensaml2-java Version: 2.6.2-1 Severity: grave Tags: security upstream fixed-upstream Hi, the following vulnerability was published for libopensaml2-java. Note that I don't know libopensaml2-java well enough, so could you assess if this affects Debian as well, and if the severity is

Bug#780383: libopensaml2-java: CVE-2015-1796

2015-03-13 Thread Emmanuel Bourg
Hi Salvatore, Thank you for the report. Looking at the commit r1680 mentioned on the security tracker I fail to see how it addresses the vulnerability described. I suspect this is actually a vulnerability in a dependency shared by opensaml and idp (maybe xmltooling which contains the

Processed: severity of 779621 is grave

2015-03-13 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: severity 779621 grave Bug #779621 [jakarta-taglibs-standard] jakarta-taglibs-standard: CVE-2015-0254 Severity set to 'grave' from 'important' thanks Stopping processing here. Please contact me if you need assistance. -- 779621:

Bug#780383: libopensaml2-java: CVE-2015-1796

2015-03-13 Thread Salvatore Bonaccorso
Hi Emmanuel, Thanks for the quick feedback. On Fri, Mar 13, 2015 at 10:42:41AM +0100, Emmanuel Bourg wrote: Hi Salvatore, Thank you for the report. Looking at the commit r1680 mentioned on the security tracker I fail to see how it addresses the vulnerability described. I suspect this is