Bug#611786: eclipse: cross-site scripting vulnerability in the help webapps
Niels Thykier
niels at thykier.net
Wed Feb 2 07:40:44 UTC 2011
Package: eclipse-platform
Version: 3.5.2-6squeeze1
Severity: important
Tags: security
Hi
These are reported as CVE-2008-7271 and CVE-2010-4647, which appear to be
(nearly) the same issue. Upstream has fixed this with [1], and the fix has made
its way into our git repositories in the upstream-3.6 branch [2].
~Niels
[1] https://bugs.eclipse.org/bugs/attachment.cgi?id=130767
[2] http://git.debian.org/?p=pkg-java/eclipse.git;a=commitdiff;h=68f899e621857ab6f44c7926b80c1da742bf7adf;hp=c4581570d622c04e03188f20aeb9f2149dff5724
-- System Information:
Debian Release: 6.0
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages eclipse-platform depends on:
ii ant 1.8.0-4 Java based build tool like make
ii ant-optional 1.8.0-4 Java based build tool like make -
ii default-jre [java6-runti 1:1.6-40 Standard Java or Java compatible R
ii eclipse-platform-data 3.5.2-6squeeze1 Eclipse platform without plug-ins
ii eclipse-rcp 3.5.2-6squeeze1 Eclipse Rich Client Platform (RCP)
ii gcj-4.4-jre [java5-runti 4.4.5-2 Java runtime environment using GIJ
ii gcj-jre [java5-runtime] 4:4.4.5-1 Java runtime environment using GIJ
ii java-common 0.40 Base of all Java packages
ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib
ii libcommons-codec-java 1.4-2 encoder and decoders such as Base6
ii libcommons-el-java 1.0-6 Implementation of the JSP2.0 Expre
ii libcommons-httpclient-ja 3.1-9 A Java(TM) library for creating HT
ii libcommons-logging-java 1.1.1-8 commmon wrapper interface for seve
ii libjasper-java 5.5.26-5 Implementation of the JSP Containe
ii libjetty-java 6.1.24-6 Java servlet engine and webserver
ii libjsch-java 0.1.42-2 pure Java implementation of the SS
ii liblucene2-java 2.9.2+ds1-1 Full-text search engine library fo
ii libservlet2.5-java 6.0.28-9 Servlet 2.5 and JSP 2.1 Java API c
ii openjdk-6-jre [java6-run 6b18-1.8.3-2 OpenJDK Java runtime, using Hotspo
ii perl 5.10.1-17 Larry Wall's Practical Extraction
ii sat4j 2.2.0-3 Efficient library of SAT solvers i
ii sun-java6-jre [java6-run 6.22-1 Sun Java(TM) Runtime Environment (
Versions of packages eclipse-platform recommends:
ii eclipse-pde 3.5.2-6squeeze1 Eclipse Plug-in Development Enviro
Versions of packages eclipse-platform suggests:
ii eclipse-jdt 3.5.2-6squeeze1 Eclipse Java Development Tools (JD
Versions of packages eclipse-platform is related to:
ii eclipse-jdt 3.5.2-6squeeze1 Eclipse Java Development Tools (JD
ii eclipse-pde 3.5.2-6squeeze1 Eclipse Plug-in Development Enviro
-- no debconf information