From owner-freebsd-ports@FreeBSD.ORG Mon Feb 16 08:40:36 2015 Return-Path: Delivered-To: freebsd-ports@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id C0E62B11; Mon, 16 Feb 2015 08:40:36 +0000 (UTC) Received: from smtp1-g21.free.fr (smtp1-g21.free.fr [IPv6:2a01:e0c:1:1599::10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4BFDC279; Mon, 16 Feb 2015 08:40:36 +0000 (UTC) Received: from shell.bebik.local (unknown [78.194.61.125]) by smtp1-g21.free.fr (Postfix) with ESMTP id 6C0FA940122; Mon, 16 Feb 2015 09:40:22 +0100 (CET) Received: from shell.bebik.local ([192.168.1.101]) by shell.bebik.local (8.14.5/8.14.5) with ESMTP id t1G8btiG026767; Mon, 16 Feb 2015 08:37:55 GMT (envelope-from rodrigo@shell.bebik.local) Received: (from rodrigo@localhost) by shell.bebik.local (8.14.5/8.14.5/Submit) id t1G8bthi026766; Mon, 16 Feb 2015 08:37:55 GMT (envelope-from rodrigo) Date: Mon, 16 Feb 2015 08:37:55 +0000 From: Rodrigo Osorio To: ale@FreeBSD.org, freebsd-ports@FreeBSD.org Subject: Vulnerability on Tomcat 6.x (<6.0.42) and 7.x (<7.0.55) and 8.x (<8.0.9) Message-ID: <20150216083754.GA23113@shell.bebik.local> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.22 (2013-10-16) X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Feb 2015 08:40:36 -0000 Hi, A CVE-2014-0227 was released yesterday about possibles DOS attacks on apache tomcat. Updates are available on the website[2]. Cheers, - rodrigo [1] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0227 [2] http://tomcat.apache.org/security-7.html