You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2010/02/11 12:42:53 UTC

svn commit: r908937 - in /tomcat/site/trunk: docs/security-5.html docs/security-6.html xdocs/security-5.xml xdocs/security-6.xml

Author: markt
Date: Thu Feb 11 11:42:48 2010
New Revision: 908937

URL: http://svn.apache.org/viewvc?rev=908937&view=rev
Log:
Fix svn revs for CVE-2009-3555
Make wording more consistent with outher entries

Modified:
    tomcat/site/trunk/docs/security-5.html
    tomcat/site/trunk/docs/security-6.html
    tomcat/site/trunk/xdocs/security-5.xml
    tomcat/site/trunk/xdocs/security-6.xml

Modified: tomcat/site/trunk/docs/security-5.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?rev=908937&r1=908936&r2=908937&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-5.html (original)
+++ tomcat/site/trunk/docs/security-5.html Thu Feb 11 11:42:48 2010
@@ -1212,8 +1212,7 @@
        To workaround this until a fix is available in JSSE, a new connector
        attribute <code>allowUnsafeLegacyRenegotiation</code> has been added to
        the BIO connector. It should be set to <code>false</code> (the default)
-       to protect against this vulnerability. The attribute will be available in
-       Tomcat 5.5.29 onwards.</p>
+       to protect against this vulnerability.</p>
        
     <p>The NIO connector is not vulnerable as it does not support
        renegotiation.</p>
@@ -1227,9 +1226,10 @@
        renegotiation may result in some clients being unable to access the
        application.</p>
 
-    <p>This was worked-around in
-       <a href="http://svn.eu.apache.org/viewvc?view=revision&amp;revision=904851">
-       revision 881774</a>.</p>
+    <p>A workaround was implemented in
+       <a href="http://svn.apache.org/viewvc?view=revision&amp;revision=904851">
+       revision 904851</a> that provided the new allowUnsafeLegacyRenegotiation
+       attribute. This work around will be included in Tomcat 5.5.29 onwards.</p>
 
     <p>
 <strong>JavaMail information disclosure</strong>

Modified: tomcat/site/trunk/docs/security-6.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=908937&r1=908936&r2=908937&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-6.html (original)
+++ tomcat/site/trunk/docs/security-6.html Thu Feb 11 11:42:48 2010
@@ -925,8 +925,7 @@
        To workaround this until a fix is available in JSSE, a new connector
        attribute <code>allowUnsafeLegacyRenegotiation</code> has been added to
        the BIO connector. It should be set to <code>false</code> (the default)
-       to protect against this vulnerability. The attribute will be available in
-       Tomcat 6.0.21 onwards.</p>
+       to protect against this vulnerability.</p>
        
     <p>The NIO connector is not vulnerable as it does not support
        renegotiation.</p>
@@ -940,9 +939,12 @@
        renegotiation may result in some clients being unable to access the
        application.</p>
 
-    <p>This was worked-around in
+    <p>A workaround was implemented in
+       <a href="http://svn.apache.org/viewvc?rev=881774&amp;view=rev">
+       revision 881774</a> and 
        <a href="http://svn.apache.org/viewvc?rev=891292&amp;view=rev">
-       revision 881774</a>.</p>
+       revision 891292</a> that provided the new allowUnsafeLegacyRenegotiation
+       attribute. This work around is included in Tomcat 6.0.21 onwards.</p>
        
     <p>
 <strong>important: Directory traversal</strong>

Modified: tomcat/site/trunk/xdocs/security-5.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-5.xml?rev=908937&r1=908936&r2=908937&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-5.xml (original)
+++ tomcat/site/trunk/xdocs/security-5.xml Thu Feb 11 11:42:48 2010
@@ -581,8 +581,7 @@
        To workaround this until a fix is available in JSSE, a new connector
        attribute <code>allowUnsafeLegacyRenegotiation</code> has been added to
        the BIO connector. It should be set to <code>false</code> (the default)
-       to protect against this vulnerability. The attribute will be available in
-       Tomcat 5.5.29 onwards.</p>
+       to protect against this vulnerability.</p>
        
     <p>The NIO connector is not vulnerable as it does not support
        renegotiation.</p>
@@ -596,9 +595,10 @@
        renegotiation may result in some clients being unable to access the
        application.</p>
 
-    <p>This was worked-around in
-       <a href="http://svn.eu.apache.org/viewvc?view=revision&amp;revision=904851">
-       revision 881774</a>.</p>
+    <p>A workaround was implemented in
+       <a href="http://svn.apache.org/viewvc?view=revision&amp;revision=904851">
+       revision 904851</a> that provided the new allowUnsafeLegacyRenegotiation
+       attribute. This work around will be included in Tomcat 5.5.29 onwards.</p>
 
     <p><strong>JavaMail information disclosure</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1754">

Modified: tomcat/site/trunk/xdocs/security-6.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?rev=908937&r1=908936&r2=908937&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-6.xml (original)
+++ tomcat/site/trunk/xdocs/security-6.xml Thu Feb 11 11:42:48 2010
@@ -476,8 +476,7 @@
        To workaround this until a fix is available in JSSE, a new connector
        attribute <code>allowUnsafeLegacyRenegotiation</code> has been added to
        the BIO connector. It should be set to <code>false</code> (the default)
-       to protect against this vulnerability. The attribute will be available in
-       Tomcat 6.0.21 onwards.</p>
+       to protect against this vulnerability.</p>
        
     <p>The NIO connector is not vulnerable as it does not support
        renegotiation.</p>
@@ -491,9 +490,12 @@
        renegotiation may result in some clients being unable to access the
        application.</p>
 
-    <p>This was worked-around in
+    <p>A workaround was implemented in
+       <a href="http://svn.apache.org/viewvc?rev=881774&amp;view=rev">
+       revision 881774</a> and 
        <a href="http://svn.apache.org/viewvc?rev=891292&amp;view=rev">
-       revision 881774</a>.</p>
+       revision 891292</a> that provided the new allowUnsafeLegacyRenegotiation
+       attribute. This work around is included in Tomcat 6.0.21 onwards.</p>
        
     <p><strong>important: Directory traversal</strong>
        <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938">



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org