Bug#427712: Possible security vulnerability in tomcat4
Mike Horansky
moho at stanford.edu
Tue Jun 5 23:45:49 UTC 2007
Package: tomcat4
Version: 4.1.31-3
Hi,
According to this...
http://www.frsirt.com/english/advisories/2007/1729
...upstream versions of tomcat 4 prior to 4.1.36 have vulnerabilities
that can allow someone to "bypass security restrictions or execute
arbitrary scripting code". Do these apply to tomcat4 in Sarge? If so,
will a fixed debian package be released?
--
-Mike Horansky, ITSS/Unix Systems and Applications
moho at stanford.EDU
OPINIONS EXPRESSED BY ME ARE NOT NECESSARILY SHARED BY MY EMPLOYERS.
More information about the pkg-java-maintainers
mailing list