Bug#657870: Multiple issues in Struts
Damien Raude-Morvan
drazzib at drazzib.com
Mon Feb 20 23:53:47 UTC 2012
Hi Moritz,
Le jeudi 16 février 2012 19:42:09, Damien Raude-Morvan a écrit :
> On 09/02/2012 21:16, Moritz Mühlenhoff wrote:
> > There's a new issues, which affects 1.x:
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1007
>
> From [1], it seems there is no actual fix for this issue :(
> I'll contact Struts Security Team on this matter.
Okay, I got some feedback for Struts Security Team.
This particular security issue doesn't affect Struts as binary library (ie.
/usr/share/java/struts-1.2.jar is unaffected) but concern only samples provided
as source is /usr/share/doc/libstruts1.2-java/example*
Do you think we should provide an updated package for squeeze (I think we can
just drop examples) ?
Cheers,
--
Damien
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20120221/c8e8e0c6/attachment.pgp>
More information about the pkg-java-maintainers
mailing list