Bug#611786: eclipse: cross-site scripting vulnerability in the help webapps

Niels Thykier niels at thykier.net
Wed Feb 2 07:50:31 UTC 2011


On 2011-02-02 08:40, Niels Thykier wrote:
> Package: eclipse-platform
> Version: 3.5.2-6squeeze1
> Severity: important
> Tags: security
> 
> Hi
> 
> These are reported as CVE-2008-7271 and CVE-2010-4647, which appear to be the
> (nearly) same issue.  Upstream has fixed this with [1] and the fix has made its way
> into our git repositories in the upstream-3.6 branch[2].
> 
> ~Niels
> 
> [1] https://bugs.eclipse.org/bugs/attachment.cgi?id=130767
> 
> [2] http://git.debian.org/?p=pkg-java/eclipse.git;a=commitdiff;h=68f899e621857ab6f44c7926b80c1da742bf7adf;hp=c4581570d622c04e03188f20aeb9f2149dff5724
> 
> [...]

Correction, CVE-2008-7271 is a different issue than CVE-2010-4647[1] and
the fix above appears to be for CVE-2010-4647.

~Niels

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7271






More information about the pkg-java-maintainers mailing list