Hi, Our tomcat5 packages are still without fixes for several security flaws (CVE-2007-5461, CVE-2007-2450, CVE-2007-2449) for too long and as days pass I am getting more and more worried about it. I am not able to persuade the maintainer to fix the issues (the patches are available thoug, in RHEL packages). I attempted to contact him via mail and offered him help with the updates, but he seems uninterested. Is there anyone who would volunteer to fix and maintain tomcat? To formally satisfy [1], in case it will be needed, here are some random bug links: [2] [3] [4]. [1] http://fedoraproject.org/wiki/PackageMaintainers/Policy/AWOL_Maintainers [2] https://bugzilla.redhat.com/show_bug.cgi?id=244810 [3] https://bugzilla.redhat.com/show_bug.cgi?id=334511 [4] https://bugzilla.redhat.com/show_bug.cgi?id=244810 Thanks, -- Lubomir Kundrak (Red Hat Security Response Team) -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
