Author: markt
Date: Thu Feb 11 10:35:55 2010
New Revision: 908916
URL: http://svn.apache.org/viewvc?rev=908916&view=rev
Log:
Add a note on where to find the "not a vulnerability section"
Add the missing severity and svn reference for CVE-2009-3555
Modified:
tomcat/site/trunk/docs/security-5.html
tomcat/site/trunk/xdocs/security-5.xml
Modified: tomcat/site/trunk/docs/security-5.html
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?rev=908916&r1=908915&r2=908916&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-5.html (original)
+++ tomcat/site/trunk/docs/security-5.html Thu Feb 11 10:35:55 2010
@@ -198,6 +198,10 @@
<p>Please send comments or corrections for these vulnerabilities to the
<a href="mailto:[email protected]">Tomcat Security
Team</a>.</p>
+ <p>Note: Vulnerabilities that are not Tomcat vulnerabilities but have
either
+ been incorrectly reported against Tomcat or where Tomcat provides a
+ workaround are listed at the end of this page.</p>
+
<p>Please note that Tomcat 5.0.x is no longer supported. Further
vulnerabilities in the 5.0.x branch will not be fixed. Users should
upgrade to 5.5.x or 6.x to obtain security fixes. Vulnerabilities fixed
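Review bot: the added note says these entries are "listed at the end of this page" but neither names the section nor links to it, so a reader has to scroll and guess. Suggest naming the section ("Not a vulnerability in Tomcat") and making it an in-page link. The sentence is also not parallel ("have either been incorrectly reported ... or where Tomcat provides a workaround"); something like "that have either been incorrectly reported against Tomcat or for which Tomcat provides a workaround" reads more cleanly.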
@@ -1192,7 +1196,7 @@
<blockquote>
<p>
-<strong>TLS SSL Man In The Middle</strong>
+<strong>moderate: TLS SSL Man In The Middle</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555">
CVE-2009-3555</a>
</p>
@@ -1223,6 +1227,10 @@
renegotiation may result in some clients being unable to access the
application.</p>
+ <p>This was worked-around in
+ <a
href="http://svn.eu.apache.org/viewvc?view=revision&revision=904851">
+ revision 881774</a>.</p>
+
<p>
<strong>JavaMail information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1754">
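Review bot: in the added workaround link, the href targets revision=904851 while the link text says "revision 881774", so one of the two is wrong and the reader cannot tell which commit carries the workaround. Please confirm the correct revision and make the URL and the text agree. Minor: "worked-around" should be "worked around".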
Modified: tomcat/site/trunk/xdocs/security-5.xml
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-5.xml?rev=908916&r1=908915&r2=908916&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-5.xml (original)
+++ tomcat/site/trunk/xdocs/security-5.xml Thu Feb 11 10:35:55 2010
@@ -20,6 +20,10 @@
<p>Please send comments or corrections for these vulnerabilities to the
<a href="mailto:[email protected]">Tomcat Security
Team</a>.</p>
+ <p>Note: Vulnerabilities that are not Tomcat vulnerabilities but have
either
+ been incorrectly reported against Tomcat or where Tomcat provides a
+ workaround are listed at the end of this page.</p>
+
<p>Please note that Tomcat 5.0.x is no longer supported. Further
vulnerabilities in the 5.0.x branch will not be fixed. Users should
upgrade to 5.5.x or 6.x to obtain security fixes. Vulnerabilities fixed
@@ -562,7 +566,7 @@
<section name="Not a vulnerability in Tomcat">
- <p><strong>TLS SSL Man In The Middle</strong>
+ <p><strong>moderate: TLS SSL Man In The Middle</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555">
CVE-2009-3555</a></p>
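Review bot: the "moderate:" rating is added to an entry that sits under the section "Not a vulnerability in Tomcat", which reads as a contradiction without further explanation. Suggest a short sentence in the entry or at the top of the section stating what the severity applies to for issues listed here.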
@@ -592,6 +596,10 @@
renegotiation may result in some clients being unable to access the
application.</p>
+ <p>This was worked-around in
+ <a
href="http://svn.eu.apache.org/viewvc?view=revision&revision=904851">
+ revision 881774</a>.</p>
+
<p><strong>JavaMail information disclosure</strong>
<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1754">
CVE-2005-1754</a></p>
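Review bot: in the added href, the query string is shown with a bare "&revision="; if that is how it appears in security-5.xml, it needs to be "&amp;revision=" for the file to stay well-formed XML. The link text here also says "revision 881774" while the URL points at 904851, so the two should be reconciled.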