Bug#657870: some more struts issues
tony mancill
tmancill at debian.org
Thu Jun 7 05:21:25 UTC 2012
On 06/02/2012 09:53 AM, Thijs Kinkhorst wrote:
> Hi,
>
> I'm sorry, but we've got yet another set of struts vulnerabilities:
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2087
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2088
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0838
>
> It would be really helpful if you could check how these affect Debian as well.
I reviewed these CVEs and they are associated with Struts 2.x. Debian
currently only contains Struts 1.2, and so I don't believe these are
applicable. (However, I have not attempted to replicate the
vulnerabilities against sites based on the Debian libstruts1.2-java
package.)
tony