Volunteers for fixing and/or maintaning Tomcat

Oliver Falk oliver at linux-kernel.at
Fri Nov 16 09:26:39 UTC 2007


On 11/16/2007 12:13 AM, Lubomir Kundrak wrote:
> Our tomcat5 packages are still without fixes for several security flaws
> (CVE-2007-5461, CVE-2007-2450, CVE-2007-2449) for too long and as days
> pass I am getting more and more worried about it.
> 
> I am not able to persuade the maintainer to fix the issues (the patches
> are available thoug, in RHEL packages). I attempted to contact him via
> mail and offered him help with the updates, but he seems uninterested.
> 
> Is there anyone who would volunteer to fix and maintain tomcat?
> 
> To formally satisfy [1], in case it will be needed, here are some random
> bug links: [2] [3] [4].
> 
> [1] http://fedoraproject.org/wiki/PackageMaintainers/Policy/AWOL_Maintainers
> [2] https://bugzilla.redhat.com/show_bug.cgi?id=244810

This is just the blocker bug.

> [3] https://bugzilla.redhat.com/show_bug.cgi?id=334511

OK. This needs to be fixed. Dunno if there's a patch...

> [4] https://bugzilla.redhat.com/show_bug.cgi?id=244810

* CVE-2007-1358
* CVE-2007-2449
* CVE-2007-2450

are (regarding to http://tomcat.apache.org/security-5.html) fixed in
5.5.25 and we have packaged 5.5.25. So this bug is obsolete.


my 2 cent. :-)

-of




More information about the devel mailing list