[Secure-testing-commits] r56036 - data/CVE

Markus Koschany apo at moszumanska.debian.org
Fri Sep 22 23:16:33 UTC 2017


Author: apo
Date: 2017-09-22 23:16:33 +0000 (Fri, 22 Sep 2017)
New Revision: 56036

Modified:
   data/CVE/list
Log:
libstruts1.2-java,CVE-2016-6795,CVE-2016-8738: end-of-life for Wheezy

Ignore open security issues for libstruts1.2-java and mark them EOL because this package is used
by nobody and it's probably a waste of time to maintain it any more.


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-09-22 21:17:04 UTC (rev 56035)
+++ data/CVE/list	2017-09-22 23:16:33 UTC (rev 56036)
@@ -44027,6 +44027,7 @@
 	NOT-FOR-US: Apache CXF
 CVE-2016-8738 (In Apache Struts 2.5 through 2.5.5, if an application allows entering ...)
 	- libstruts1.2-java <removed>
+	[wheezy] - libstruts1.2-java <end-of-life> (no longer supported)
 	NOTE: https://struts.apache.org/docs/s2-044.html
 CVE-2016-8737 (In Apache Brooklyn before 0.10.0, the REST server is vulnerable to ...)
 	NOT-FOR-US: Apache Brooklyn
@@ -50345,6 +50346,7 @@
 	NOTE: Fixed by: https://svn.apache.org/viewvc?view=revision&revision=1758496 (6.0.x)
 CVE-2016-6795 (In the Convention plugin in Apache Struts 2.3.20 through 2.3.30, it is ...)
 	- libstruts1.2-java <removed>
+	[wheezy] - libstruts1.2-java <end-of-life> (no longer supported)
 	NOTE: https://struts.apache.org/docs/s2-042.html
 CVE-2016-6794 (When a SecurityManager is configured, a web application's ability to ...)
 	{DSA-3721-1 DSA-3720-1 DLA-729-1 DLA-728-1}




More information about the Secure-testing-commits mailing list