> Yoav, > > So then if there is a DoS vulnerability in the "normal jakarata tomcat > 4.0.x distributions", would the developers consider that important > enough > to be looked at/fixed? I'm just trying to figure out whether the > vulnerability in the debian tomcat would affect the normal jakarta > tomcat > versions >= 4.0.4 (i'm using the normal jakarta distributed tomcat > 4.0.6). > Upgrading to the 4.1 branch would require more work for us. :(
I don't know if you're talking about your application or doing a tomcat 4.1.x package for a stable debian release; anyway, someone should consider doing a bug report to debian-security, and ask the debian maintainer to upgrade the current stable release of tomcat/debian. Then you will have the upgrade available from security.debian.org. What is the problem in upgrading to 4.1, it is not a major release upgrade. I CC: to debian tomcat maintainers. Unfortunately, I'm in transit, so I don't have access to my servers to help producing the package (and I'm not an official d-d, and in my current position, I have to use RedHat:((( ). Fran�ois. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
