> Yoav,
>
> So then if there is a DoS vulnerability in the "normal jakarata tomcat
> 4.0.x distributions", would the developers consider that important
> enough
> to be looked at/fixed? I'm just trying to figure out whether the
> vulnerability in the debian tomcat would affect the normal jakarta
> tomcat
> versions >= 4.0.4 (i'm using the normal jakarta distributed tomcat
> 4.0.6).
> Upgrading to the 4.1 branch would require more work for us. :(

I don't know if you're talking about your application or doing a tomcat 4.1.x package for a stable debian release; anyway, someone should consider doing a bug report to debian-security, and ask the debian maintainer to upgrade the current stable release of tomcat/debian. Then you will have the upgrade available from security.debian.org.

What is the problem in upgrading to 4.1, it is not a major release upgrade.

I CC: to debian tomcat maintainers. Unfortunately, I'm in transit, so I don't have access to my servers to help producing the package (and I'm not an official d-d, and in my current position, I have to use RedHat:((( ).

François.


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
For additional commands, e-mail: tomcat-user-help@(protected)