Thank you for the feedbak Sergio. You are right, disabling the SSLv23_*
calls was a mistake, I'll fix that. Since this is a different issue I'll
clone this report though.
I also agree that the whole patch is no longer necessary. It was
initially required to avoid a warning caused by the removal
I think the issue originally reported by Peter has been fixed in
tomcat-native/1.1.32~repack-1 currently in testing and unstable. In this
version the SSL_PROTOCOL_SSLV2 constant has been restored in
ssl_private.h, and the SSL_PROTOCOL_ALL constant is aligned with the
Package: libtcnative-1
Version: 1.1.32~repack-1
Severity: serious
I'm splitting this comment from Sergio Gelato in #737969 into a new issue.
---BeginMessage---
found 737969 1.1.32~repack-1
thanks
I'd bump up the severity to serious if this weren't a maintainer's /
release manager's prerogative.
Processing commands for cont...@bugs.debian.org:
notfound 737969 1.1.32~repack-1
Bug #737969 [libtcnative-1] libtcnative-1 breaks Tomcat's 'SSLProtocols'
No longer marked as found in versions tomcat-native/1.1.32~repack-1.
thanks
Stopping processing here.
Please contact me if you need
The SSLv23 issue has been cloned as #780447.
__
This is the maintainer address of Debian's Java team
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers.
Please use
debian-j...@lists.debian.org for discussions and questions.
Source: libopensaml2-java
Version: 2.6.2-1
Severity: grave
Tags: security upstream fixed-upstream
Hi,
the following vulnerability was published for libopensaml2-java. Note
that I don't know libopensaml2-java well enough, so could you assess
if this affeccts Debian as well, and if the severity is
Hi Salvatore,
Thank you for the report. Looking at the commit r1680 mentioned on the
security tracker I fail to see how it addresses the vulnerability
described. I suspect this is actually a vulnerability in a dependency
shared by opensaml and idp (maybe xmltooling which contains the
Processing commands for cont...@bugs.debian.org:
severity 779621 grave
Bug #779621 [jakarta-taglibs-standard] jakarta-taglibs-standard: CVE-2015-0254
Severity set to 'grave' from 'important'
thanks
Stopping processing here.
Please contact me if you need assistance.
--
779621:
Hi Emmanuel,
Thanks for the quick feedback.
On Fri, Mar 13, 2015 at 10:42:41AM +0100, Emmanuel Bourg wrote:
Hi Salvatore,
Thank you for the report. Looking at the commit r1680 mentioned on the
security tracker I fail to see how it addresses the vulnerability
described. I suspect this is
9 matches
Mail list logo