Bug#657870: Multiple issues in Struts
Moritz Mühlenhoff
jmm at inutil.org
Tue Feb 21 18:42:38 UTC 2012
On Tue, Feb 21, 2012 at 12:53:47AM +0100, Damien Raude-Morvan wrote:
> Hi Moritz,
>
> Le jeudi 16 février 2012 19:42:09, Damien Raude-Morvan a écrit :
> > On 09/02/2012 21:16, Moritz Mühlenhoff wrote:
> > > There's a new issues, which affects 1.x:
> > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1007
> >
> > From [1], it seems there is no actual fix for this issue :(
> > I'll contact Struts Security Team on this matter.
>
> Okay, I got some feedback for Struts Security Team.
>
> This particular security issue doesn't affect Struts as binary library (ie.
> /usr/share/java/struts-1.2.jar is unaffected) but concern only samples provided
> as source is /usr/share/doc/libstruts1.2-java/example*
>
> Do you think we should provide an updated package for squeeze (I think we can
> just drop examples) ?
It's just an example we don't need a DSA. You can fix it through a stable
update for Squeeze, though.
Cheers,
Moritz
More information about the pkg-java-maintainers
mailing list