Bug#745897: closed by Hideki Yamane <henrich at debian.org> (Bug#745897: fixed in libstruts1.2-java 1.2.9-9)
Emmanuel Bourg
ebourg at apache.org
Mon Jun 16 11:27:32 UTC 2014
Le 15/06/2014 06:43, Hideki Yamane a écrit :
> Then, question: commons-beanutils version in Debian is
> both seems to be still vulunerable version. Can you provide security-
> backport patch for them? If not, patch to struts1 is still usefull to
> prevent attack, so push fix to libstruts1.2-java stable/oldstable, right?
I got confirmation from the Struts developers that a new release using
commons-beanutils 1.9.2 is planned soon. So I'm going to prepare the
backport of commons-beanutils 1.9.2 in stable and wait for the new
release of Struts 1.x.
Emmanuel Bourg
More information about the pkg-java-maintainers
mailing list