Bug#674448: CVE-2012-2098

2012-07-18 Thread Nico Golde
Hi,
* Miguel Landaeta mig...@miguel.cc [2012-07-18 17:02]:
> On Thu, May 24, 2012 at 08:13:35PM +0200, Moritz Muehlenhoff wrote:
> > Please see https://commons.apache.org/compress/security.html
> >
> > Fixed in 1.4.1. This doesn't warrant a DSA, but you could fix
> > it through a point update for Squeeze 6.0.6.
>
> I had prepared an upload to fix this issue in stable.
>
> Are you OK with an upload to stable then?

Please notify the release team before.

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.


__
This is the maintainer address of Debian's Java team
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#629852: Oracle Java SE Critical Patch Update Advisory - June 2011

2011-06-08 Thread Nico Golde
Package: openjdk-6-jre, sun-java6-jre
Severity: serious
Tags: security

A new round of java issues:
CVE-2011-0862 CVE-2011-0873 CVE-2011-0815 CVE-2011-0817 CVE-2011-0863 
CVE-2011-0864 CVE-2011-0802
CVE-2011-0814 CVE-2011-0871 CVE-2011-0786 CVE-2011-0788 CVE-2011-0866 
CVE-2011-0868 CVE-2011-0872
CVE-2011-0867 CVE-2011-0869 CVE-2011-0865

Some of the issues seem to be windows specific.

http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.



Bug#441205: closed by Marcus Better mar...@better.se (CVE-2007-4724 XSS in cal2.jsp)

2009-08-14 Thread Nico Golde
Hi,
> Message-ID: 4a856bcd.9040...@better.se
> Date: Fri, 14 Aug 2009 15:51:09 +0200
> From: Marcus Better mar...@better.se
> User-Agent: Mozilla-Thunderbird 2.0.0.22 (X11/20090701)
> To: 441205-d...@bugs.debian.org
> Subject: CVE-2007-4724 XSS in cal2.jsp
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Bug not present in Tomcat 6.

so why closing a bug that was assigned for tomcat 5?

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.


___
pkg-java-maintainers mailing list
pkg-java-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-java-maintainers

Bug#441205: closed by Marcus Better mar...@better.se (CVE-2007-4724 XSS in cal2.jsp)

2009-08-14 Thread Nico Golde
Hi,
* Marcus Better mar...@better.se [2009-08-14 18:23]:
> Nico Golde wrote:
> >> Bug not present in Tomcat 6.
> >
> > so why closing a bug that was assigned for tomcat 5?
>
> Oh, I didn't read closely enough and thought it had been reassigned to
> tomcat6.
>
> Anyway tomcat5 has been removed from the archive and all remaining bugs
> have been reassigned to tomcat6. So I guess this can remain closed, right?

No, please don't; the source is still in oldstable.

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0
For security reasons, all text in this mail is double-rot13 encrypted.



Bug#494799: CVE-2008-2938: Directory Traversal Vulnerability

2008-08-12 Thread Nico Golde
merge 494504 494799
thanks

Hi Christophe,
* Christophe Boyanique [EMAIL PROTECTED] [2008-08-12 12:37]:
> Package: tomcat5.5
> Version: 5.5.20-2etch3
> Severity: grave
> Tags: security
>
> Tomcat is affected by a directory traversal vulnerability. The problem
> has been fixed in SVN version:

Please check the existing BTS entries before submitting new 
bugs. No idea how you missed:
#494504 [G|S|] [tomcat5.5] CVE-2008-1232/CVE-2008-2370: XSS and directory 
traversal

Check out 
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494504

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.





Bug#465645: tomcat5.5: CVE-2007-5333 unauthorized disclosure of information

2008-02-13 Thread Nico Golde
Package: tomcat5.5
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for tomcat5.5.

CVE-2007-5333[0]:
| Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0
| through 4.1.36 does not properly handle (1) double quote (")
| characters or (2) %5C (encoded backslash) sequences in a cookie value,
| which might cause sensitive information such as session IDs to be
| leaked to remote attackers and enable session hijacking attacks.  NOTE:
| this issue exists because of an incomplete fix for CVE-2007-3385.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.



Bug#459281: severity of 459281 is serious

2008-01-13 Thread Nico Golde
# Automatically generated email from bts, devscripts version 2.10.11
# setting it back to previous severity :)
severity 459281 serious






Bug#459281: severity of 459281 is important

2008-01-12 Thread Nico Golde
# Automatically generated email from bts, devscripts version 2.10.11
# temporary downgrading to let the latest security fix enter testing
severity 459281 important






libstruts1.2-java oldstable update for CVE-2005-3745

2007-12-30 Thread Nico Golde
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for libstruts1.2-java some time ago.

CVE-2005-3745[0]:
| Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and
| possibly other versions allows remote attackers to inject arbitrary
| web script or HTML via the query string, which is not properly quoted
| or filtered when the request handler generates an error message.

Unfortunately the vulnerability described above is not important enough
to get it fixed via regular security update in Debian oldstable. It does
not warrant a DSA.

However it would be nice if this could get fixed via a regular point update[1].
Please contact the release team for this.

This is an automatically generated mail, in case you are already working on an
upgrade this is of course pointless.

You can see the status of this vulnerability on:
http://security-tracker.debian.net/tracker/CVE-2005-3745

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3745
[1] http://www.debian.org/doc/developers-reference/ch-pkgs.en.html#s-upload-oldstable

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.



Bug#458237: tomcat5.5: CVE-2007-5342 unauthorized modification of data because of too open permissions

2007-12-29 Thread Nico Golde
Package: tomcat5.5
Version: 5.5.20-2
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for tomcat5.5.

CVE-2007-5342[0]:
| The default catalina.policy in the JULI logging component in Apache
| Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict
| certain permissions for web applications, which allows attackers to
| modify logging configuration options and overwrite arbitrary files, as
| demonstrated by changing the (1) level, (2) directory, and (3) prefix
| attributes in the org.apache.juli.FileHandler handler.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

A patch can be found on:
http://svn.apache.org/viewvc/tomcat/trunk/conf/catalina.policy?r1=593649&r2=606594&pathrev=606594&view=patch

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.



Bug#456148: Current upstream fix for CVE-2007-6306 introduced regression

2007-12-22 Thread Nico Golde
Hi Varun,
* Varun Hiremath [EMAIL PROTECTED] [2007-12-18 19:02]:
> On Thu, 13 Dec, 2007 at 01:46:58PM +0100, Tomas Hoger wrote:
> > This has been brought to our attention:
> >
> > http://sourceforge.net/tracker/index.php?func=detail&aid=1849333&group_id=15494&atid=115494
> >
> > Upstream author is looking into the issue and expects to release update
> > soon.
>
> The following comment[1] was added by the Upstream author:
>
> | This bug has been fixed in the jfreechart-1.0.x-branch in Subversion,
> | and I'll be releasing version 1.0.9 as soon as possible.  The chances
> | of that happening this week are slim, however.
>
> [1]: https://sourceforge.net/tracker/?func=detail&atid=115494&aid=1849333&group_id=15494
>
> I shall update the package once version 1.0.9 is released.

What about updating the current package with the referenced 
patches which fix this?

Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.



Bug#456148: Intend to NMU

2007-12-22 Thread Nico Golde
Hi,
attached is a patch for an NMU which fixes these issues.
It will be also archived on:
http://people.debian.org/~nion/nmu-diff/libjfreechart-java-1.0.8-1_1.0.8-1.1.patch

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
diff -u libjfreechart-java-1.0.8/debian/changelog libjfreechart-java-1.0.8/debian/changelog
--- libjfreechart-java-1.0.8/debian/changelog
+++ libjfreechart-java-1.0.8/debian/changelog
@@ -1,3 +1,13 @@
+libjfreechart-java (1.0.8-1.1) unstable; urgency=high
+
+  * Non-maintainer upload by security team.
+  * This update fixes the following security issue:
+- Multiple cross-site scripting vulnerabilities in the image map
+  feature allow remote attackers to inject arbitrary web script
+  or HTML via several attributes (CVE-2007-6306; Closes: #456148).
+
+ -- Nico Golde [EMAIL PROTECTED]  Sat, 22 Dec 2007 16:04:32 +0100
+
 libjfreechart-java (1.0.8-1) unstable; urgency=low
 
   * New upstream release.
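Review bot: The new 1.0.8-1.1 changelog entry names the CVE and closes #456148 but does not record where the patch comes from. Add a line naming the upstream source of the change, so a later uploader can tell whether a new upstream release already contains it and the delta can be dropped.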
only in patch2:
unchanged:
--- libjfreechart-java-1.0.8.orig/source/org/jfree/chart/entity/ChartEntity.java
+++ libjfreechart-java-1.0.8/source/org/jfree/chart/entity/ChartEntity.java
@@ -76,6 +76,7 @@
 import java.io.Serializable;
 
 import org.jfree.chart.HashUtilities;
+import org.jfree.chart.imagemap.ImageMapUtilities;
 import org.jfree.chart.imagemap.ToolTipTagFragmentGenerator;
 import org.jfree.chart.imagemap.URLTagFragmentGenerator;
 import org.jfree.io.SerialUtilities;
@@ -316,11 +317,11 @@
 + getShapeCoords() + \);
 if (hasToolTip) {
 tag.append(toolTipTagFragmentGenerator.generateToolTipFragment(
-this.toolTipText));
+ImageMapUtilities.htmlEscape(this.toolTipText)));
 }
 if (hasURL) {
 tag.append(urlTagFragmentGenerator.generateURLFragment(
-this.urlText));
+ImageMapUtilities.htmlEscape(this.urlText)));
 }
 // if there is a tool tip, we expect it to generate the title and
 // alt values, so we only add an empty alt if there is no tooltip
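Review bot: In the hasToolTip and hasURL branches the text is escaped at the call site, before it reaches generateToolTipFragment and generateURLFragment, so every generator now receives HTML-encoded input regardless of what it emits. A generator that already encodes its argument will double-encode, and one that places the text somewhere other than an HTML attribute needs a different encoding; consider moving the escaping into the generators, or documenting that they are handed pre-escaped text. htmlEscape also throws on null, so confirm that hasToolTip and hasURL guarantee non-null toolTipText and urlText.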
only in patch2:
unchanged:
--- libjfreechart-java-1.0.8.orig/source/org/jfree/chart/imagemap/ImageMapUtilities.java
+++ libjfreechart-java-1.0.8/source/org/jfree/chart/imagemap/ImageMapUtilities.java
@@ -171,7 +171,7 @@
 URLTagFragmentGenerator urlTagFragmentGenerator) {
 
 StringBuffer sb = new StringBuffer();
-sb.append(map id=\ + name + \ name=\ + name + \);
+sb.append(map id=\ + htmlEscape(name) + \ name=\ + htmlEscape(name) + \);
 sb.append(StringUtils.getLineSeparator());
 EntityCollection entities = info.getEntityCollection();
 if (entities != null) {
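Review bot: htmlEscape(name) on the changed sb.append line throws IllegalArgumentException for a null name, where the old string concatenation would have emitted the text "null", so callers that got away with a null name now get an exception. Either state in this method's Javadoc that name must not be null or check it once at the top, and escape it once into a local variable instead of calling htmlEscape(name) twice.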
@@ -191,8 +191,49 @@
 }
 }
 sb.append(/map);
-return sb.toString();
-
-}
+   return sb.toString();
 
+}
+/**
+ * Returns a string that is equivalent to the input string, but with 
+ * special characters converted to HTML escape sequences.
+ * 
+ * @param input  the string to escape (codenull/code not permitted).
+ *
+ * @return A string with characters escaped.
+ * 
+ * @since 1.0.9
+ */
+public static String htmlEscape(String input) {
+if (input == null) {
+throw new IllegalArgumentException(Null 'input' argument.);
+}
+StringBuffer result = new StringBuffer();
+int length = input.length();
+for (int i = 0; i  length; i++) {
+char c = input.charAt(i);
+if (c == '') {
+result.append(amp;);
+}
+else if (c == '\') {
+result.append(quot;);
+}
+else if (c == '') {
+result.append(lt;);
+}
+else if (c == '') {
+result.append(gt;);
+}
+else if (c == '\'') {
+result.append(#39;);
+}
+else if (c == '\\') {
+result.append(#092;);
+}
+else {
+result.append(c);
+}
+}
+return result.toString();
+}
 }
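Review bot: The removal and re-addition of "return sb.toString();" and the closing brace at the top of this hunk is a whitespace-only change; drop it so the NMU diff carries nothing but the security fix. In the new Javadoc, "@since 1.0.9" does not match the 1.0.8-1.1 package the method ships in here, which deserves a remark in the comment or the changelog. A short unit test for htmlEscape covering each escaped character and the null case would also make the backport easier to verify.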



Bug#456148: Intend to NMU

2007-12-22 Thread Nico Golde
Hi Varun,
* Varun Hiremath [EMAIL PROTECTED] [2007-12-22 19:12]:
> On Sat, 22 Dec, 2007 at 04:29:31PM +0100, Nico Golde wrote:
> > Hi,
> > attached is a patch for an NMU which fixes these issues.
> > It will be also archived on:
> > http://people.debian.org/~nion/nmu-diff/libjfreechart-java-1.0.8-1_1.0.8-1.1.patch
>
> These two patches are included in the new upstream release 1.0.8a
> which we already have ready for upload, but it introduces new bugs
> [1].

Oh thanks I missed this in the bug report.

> The bug [1] has been fixed in the jfreechart-1.0.x-branch but
> that branch doesn't seem to include the security fixes, so we can't
> update to that branch also. So, we thought of waiting for the new
> 1.0.9 release which should happen any time next week.

Waiting for security releases is considered to be bad if you 
can gather the information for fixing this issue.

> @ Michael, should we release 1.0.8a version?

No please not if it breaks things.

Can you maybe ask upstream for the patch then?
His changes to the branch are in revision 676 but he later 
removed some of them in 683 so I am a bit confused about the 
status of this in the branch.

Kind regards
Nico


-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.



Bug#448841: CVE-2007-5731 directory traversal vulnerability

2007-11-01 Thread Nico Golde
Package: libslide-webdavclient-java
Version: 2.1+dfsg-1
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for libslide-webdavclient-java.

CVE-2007-5731[0]:
| Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and
| earlier allows remote authenticated users to read arbitrary files via
| a WebDAV write request that specifies an entity with a SYSTEM tag, a
| related issue to CVE-2007-5461.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

This can only be exploited by authenticated attackers.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5731

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.



Bug#448664: CVE-2007-5461 absolute path traversal vulnerability

2007-10-30 Thread Nico Golde
Package: tomcat5.5
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for tomcat5.5.

CVE-2007-5461[0]:
| Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through
| 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14,
| under certain configurations, allows remote authenticated users to
| read arbitrary files via a WebDAV write request that specifies an
| entity with a SYSTEM tag.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.



Bug#445283: CVE-2006-6969 predictable session identifiers

2007-10-04 Thread Nico Golde
Package: jetty
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for jetty.

CVE-2006-6969[0]:
| Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1
| before 6.1.0pre3 generates predictable session identifiers using
| java.util.random, which makes it easier for remote attackers to guess
| a session identifier through brute force attacks, bypass
| authentication requirements, and possibly conduct cross-site request
| forgery attacks.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

This vulnerability has been verified in the Debian versions 
by the upstream.
I am currently waiting to get a patch for this.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6969

Kind regards
Nico

-- 
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
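
Added example, not part of the original mail and not code from Jetty or Debian: the session-identifier pattern described in the CVE-2006-6969 text beside a SecureRandom-based replacement. The class name, method names and the seed value are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Random;

public class SessionIdDemo {

    // Weak pattern from the CVE text: the ID is drawn from java.util.Random,
    // a 48-bit linear congruential generator whose whole output stream is
    // determined by its seed.
    static String weakSessionId(Random rng) {
        return Long.toUnsignedString(rng.nextLong(), 36);
    }

    // Hardened form: 128 bits from the platform CSPRNG, URL-safe encoded.
    private static final SecureRandom CSPRNG = new SecureRandom();

    static String strongSessionId() {
        byte[] raw = new byte[16];
        CSPRNG.nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    public static void main(String[] args) {
        // Constructed seed standing in for a guessable value such as a
        // start-up timestamp; it is not taken from Jetty.
        long seed = 1191456000000L;

        // Two generators with the same seed issue the same IDs in the same
        // order, which is why this generator is unsuitable for session IDs.
        Random server = new Random(seed);
        Random replay = new Random(seed);
        for (int i = 0; i < 3; i++) {
            String issued = weakSessionId(server);
            String recomputed = weakSessionId(replay);
            System.out.println(issued + " == " + recomputed + " : "
                    + issued.equals(recomputed));
        }

        // IDs from SecureRandom cannot be recomputed from a seed guess or
        // from previously issued IDs.
        System.out.println(strongSessionId());
        System.out.println(strongSessionId());
    }
}
```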



Bug#441205: CVE-2007-4724 XSS in cal2.jsp

2007-09-07 Thread Nico Golde
Package: tomcat5-webapps
Version: 5.0.30-12
Severity: minor
Tags: security

Hi,
a CVE[0] has been issued against your package.
CVE-2007-4724:
Cross-site request forgery (CSRF) vulnerability in cal2.jsp 
in the calendar examples application in Apache Tomcat 4.1.31 
allows remote attackers to add events as arbitrary users via 
the time and description parameters.

I verified that this issue is present in etch; however, it is 
fixed in tomcat5.5-webapps in unstable and testing.
Please include the CVE id in the changelog if you fix this 
issue.

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4724

Kind regards
Nico

-- 
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

