On 11/16/2007 12:13 AM, Lubomir Kundrak wrote: > Our tomcat5 packages are still without fixes for several security flaws > (CVE-2007-5461, CVE-2007-2450, CVE-2007-2449) for too long and as days > pass I am getting more and more worried about it. > > I am not able to persuade the maintainer to fix the issues (the patches > are available thoug, in RHEL packages). I attempted to contact him via > mail and offered him help with the updates, but he seems uninterested. > > Is there anyone who would volunteer to fix and maintain tomcat? > > To formally satisfy [1], in case it will be needed, here are some random > bug links: [2] [3] [4]. > > [1] http://fedoraproject.org/wiki/PackageMaintainers/Policy/AWOL_Maintainers > [2] https://bugzilla.redhat.com/show_bug.cgi?id=244810 This is just the blocker bug. > [3] https://bugzilla.redhat.com/show_bug.cgi?id=334511 OK. This needs to be fixed. Dunno if there's a patch... > [4] https://bugzilla.redhat.com/show_bug.cgi?id=244810 * CVE-2007-1358 * CVE-2007-2449 * CVE-2007-2450 are (regarding to http://tomcat.apache.org/security-5.html) fixed in 5.5.25 and we have packaged 5.5.25. So this bug is obsolete. my 2 cent. :-) -of -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
