Subject: svn commit: r882368 - /tomcat/tc6.0.x/trunk/STATUS.txt
Date: Fri, 20 Nov 2009 00:50:07 -0000
To: dev@tomcat.apache.org
From: markt@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20091120005007.181AD2388882@eris.apache.org> Author: markt Date: Fri Nov 20 00:50:06 2009 New Revision: 882368 URL: http://svn.apache.org/viewvc?rev=882368&view=rev Log: Propose alternative fix Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=882368&r1=882367&r2=882368&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Fri Nov 20 00:50:06 2009 @@ -396,3 +396,11 @@ http://people.apache.org/~markt/patches/2009-11-17-cookie-allow-equals.patch +1: markt -1: + +* Alternative fix for CVE-2009-3555 SSL MITN + The current patch uses an async callback to close the socket. It is + technically possible an attack may suceed before the socket is closed + The new patch only logs failed server initiated negotiations + http://people.apache.org/~markt/patches/2009-11-20-cve2009-3555-v2.patch + +1: markt + -1: --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org For additional commands, e-mail: dev-help@tomcat.apache.org
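Review bot: The added STATUS entry explains why the current patch falls short (the async callback may close the socket after an attack has already succeeded) but not how the v2 patch closes that window. As written, "The new patch only logs failed server initiated negotiations" can be read as the patch doing nothing but logging. Suggest stating what v2 does with the renegotiation attempt itself, so voters can assess the proposal without opening the linked patch. In the same entry, "MITN" should read "MITM", "suceed" should be "succeed", and the sentence ending "before the socket is closed" is missing its full stop.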