Subject: svn commit: r882369 - /tomcat/tc5.5.x/trunk/STATUS.txt
Date: Fri, 20 Nov 2009 00:50:20 -0000
To: dev@tomcat.apache.org
From: markt@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20091120005020.EA23E238888E@eris.apache.org> Author: markt Date: Fri Nov 20 00:50:20 2009 New Revision: 882369 URL: http://svn.apache.org/viewvc?rev=882369&view=rev Log: Propose alternative fix Modified: tomcat/tc5.5.x/trunk/STATUS.txt Modified: tomcat/tc5.5.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/STATUS.txt?rev=882369&r1=882368&r2=882369&view=diff ============================================================================== --- tomcat/tc5.5.x/trunk/STATUS.txt (original) +++ tomcat/tc5.5.x/trunk/STATUS.txt Fri Nov 20 00:50:20 2009 @@ -250,4 +250,11 @@ http://people.apache.org/~markt/patches/2009-11-17-cookie-allow-equals.patch +1: markt -1: - \ No newline at end of file + +* Alternative fix for CVE-2009-3555 SSL MITN + The current patch uses an async callback to close the socket. It is + technically possible an attack may suceed before the socket is closed + The new patch only logs failed server initiated negotiations + http://people.apache.org/~markt/patches/2009-11-20-cve2009-3555-v2.patch + +1: markt + -1: --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org For additional commands, e-mail: dev-help@tomcat.apache.org
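Review bot: The last added description line, "The new patch only logs failed server initiated negotiations", does not say how the v2 patch prevents the attack that the two lines before it say may succeed before the socket is closed. As written, the entry describes only logging, so a voter cannot tell from STATUS.txt alone what replaces the async socket close. Add one sentence stating the blocking behaviour of the v2 patch and when it takes effect relative to the handshake. Smaller points in the same added lines: "MITN" in the entry title looks like a typo for MITM, "suceed" should be "succeed", and the second and third sentences have no terminating period.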