Bug#528352: CVE-2008-2025: Cross-site scripting (XSS) vulnerability
Steffen Joeris
steffen.joeris at skolelinux.de
Tue May 12 11:08:03 UTC 2009
Package: libstruts1.2-java
Severity: important
Tags: patch, security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for libstruts1.2-java.
CVE-2008-2025[0]:
| Cross-site scripting (XSS) vulnerability in Apache Struts before
| 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2
| on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and
| before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers
| to inject arbitrary web script or HTML via unspecified vectors related
| to "insufficient quoting of parameters."
The attached patch should be the one that was used by SUSE. Please check
and consider uploading. Also, please check the stable/oldstable version.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
Cheers
Steffen
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2025
http://security-tracker.debian.net/tracker/CVE-2008-2025
-------------- next part --------------
A non-text attachment was scrubbed...
Name: patch
Type: text/x-diff
Size: 18474 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20090512/32b2209a/attachment-0001.diff>