tomcat-dev mailing list archives

From ma...@apache.org
Subject svn commit: r882368 - /tomcat/tc6.0.x/trunk/STATUS.txt
Date Fri, 20 Nov 2009 00:50:07 GMT
Author: markt
Date: Fri Nov 20 00:50:06 2009
New Revision: 882368

URL: http://svn.apache.org/viewvc?rev=882368&view=rev
Log:
Propose alternative fix

Modified:
    tomcat/tc6.0.x/trunk/STATUS.txt

Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=882368&r1=882367&r2=882368&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Fri Nov 20 00:50:06 2009
@@ -396,3 +396,11 @@
   http://people.apache.org/~markt/patches/2009-11-17-cookie-allow-equals.patch
   +1: markt
   -1: 
+
+* Alternative fix for CVE-2009-3555 SSL MITN
+  The current patch uses an async callback to close the socket. It is
+  technically possible an attack may suceed before the socket is closed
+  The new patch only logs failed server initiated negotiations 
+  http://people.apache.org/~markt/patches/2009-11-20-cve2009-3555-v2.patch
+  +1: markt
+  -1: 
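Review bot: The added STATUS entry says the new patch "only logs failed server initiated negotiations" but does not say how it closes the race the entry itself describes, where an attack may succeed before the async callback closes the socket. Please add a line stating what the v2 patch does instead of the async close, so voters can judge it from the entry without opening the patch. The entry also has typos worth fixing before it is voted on: "MITN" in the title should be "MITM", "suceed" should be "succeed", and the sentence ending in "before the socket is closed" is missing its full stop.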


