Bug#528352: CVE-2008-2025: Cross-site scripting (XSS) vulnerability
Package: libstruts1.2-java
Severity: important
Tags: patch, security

Hi,

the following CVE (Common Vulnerabilities & Exposures) id was published for libstruts1.2-java.

CVE-2008-2025[0]:
| Cross-site scripting (XSS) vulnerability in Apache Struts before
| 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2
| on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and
| before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers
| to inject arbitrary web script or HTML via unspecified vectors related
| to insufficient quoting of parameters.

The attached patch should be the one that was used by Suse. Please check and consider uploading. Also, please check the stable/oldstable version.

If you fix the vulnerability please also make sure to include the CVE id in your changelog entry.

Cheers
Steffen

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2025
    http://security-tracker.debian.net/tracker/CVE-2008-2025

diff --git a/src/org/apache/struts/taglib/html/BaseHandlerTag.java b/src/org/apache/struts/taglib/html/BaseHandlerTag.java index 403ff97..095045c 100644 --- a/src/org/apache/struts/taglib/html/BaseHandlerTag.java +++ b/src/org/apache/struts/taglib/html/BaseHandlerTag.java @@ -35,6 +35,7 @@ import org.apache.struts.taglib.TagUtils; import org.apache.struts.taglib.logic.IterateTag; import org.apache.struts.util.MessageResources; import org.apache.struts.util.RequestUtils; +import org.apache.struts.util.ResponseUtils; /** * Base class for tags that render form elements capable of including JavaScript
@@ -898,10 +899,12 @@ public abstract class BaseHandlerTag extends BodyTagSupport { */ protected void prepareAttribute(StringBuffer handlers, String name, Object value) { if (value != null) { + if (name.indexOf('') = 0) + throw new IllegalArgumentException(quote character in attribute name); handlers.append( ); handlers.append(name); handlers.append(=\); -handlers.append(value); +handlers.append(ResponseUtils.filterIfQuote(value.toString())); handlers.append(\); } } diff --git a/src/org/apache/struts/taglib/html/BaseTag.java b/src/org/apache/struts/taglib/html/BaseTag.java index 8c5214b..004ff6a 100644 --- a/src/org/apache/struts/taglib/html/BaseTag.java +++ b/src/org/apache/struts/taglib/html/BaseTag.java @@ -30,6 +30,7 @@ import org.apache.struts.Globals; import org.apache.struts.taglib.TagUtils; import org.apache.struts.util.MessageResources; import org.apache.struts.util.RequestUtils; +import org.apache.struts.util.ResponseUtils; /** * Renders an HTML base element with an href @@ -112,13 +113,14 @@ public class BaseTag extends TagSupport { String uri) { StringBuffer tag = new StringBuffer(base href=\); -tag.append(RequestUtils.createServerUriStringBuffer(scheme,serverName,port,uri).toString()); +tag.append(ResponseUtils.filterIfQuote( + RequestUtils.createServerUriStringBuffer(scheme,serverName,port,uri).toString())); tag.append(\); if (this.target != null) { tag.append( target=\); -tag.append(this.target); +tag.append(ResponseUtils.filterIfQuote(this.target)); tag.append(\); } diff --git a/src/org/apache/struts/taglib/html/FormTag.java b/src/org/apache/struts/taglib/html/FormTag.java index e8eb9b4..070d090 100644 --- a/src/org/apache/struts/taglib/html/FormTag.java +++ b/src/org/apache/struts/taglib/html/FormTag.java 
@@ -37,6 +37,7 @@ import org.apache.struts.config.ModuleConfig; import org.apache.struts.taglib.TagUtils; import org.apache.struts.util.MessageResources; import org.apache.struts.util.RequestUtils; +import org.apache.struts.util.ResponseUtils; /** * Custom tag that represents an input form, associated with a bean whose @@ -547,10 +548,10 @@ public class FormTag extends TagSupport { results.append( action=\); results.append( -response.encodeURL( +ResponseUtils.filterIfQuote(response.encodeURL( TagUtils.getInstance().getActionMappingURL( this.action, -this.pageContext))); +this.pageContext; results.append(\); } @@ -580,7 +581,7 @@ public class FormTag extends TagSupport { results.append(divinput type=\hidden\ name=\); results.append(Constants.TOKEN_KEY); results.append(\ value=\); -results.append(token); +results.append(ResponseUtils.filterIfQuote(token)); if (this.isXhtml()) { results.append(\ /); } else { @@ -599,9 +600,10 @@ public class FormTag extends TagSupport { protected void renderAttribute(StringBuffer
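Review bot: in BaseHandlerTag.prepareAttribute the new guard rejects only a quote character in the attribute name, so a name containing whitespace, "=" or ">" still reaches handlers.append(name) unescaped; validating the name against an allow-list of attribute-name characters would close that gap. The value now goes through ResponseUtils.filterIfQuote, whose definition is not in the visible part of this patch, so it is worth confirming that it escapes "&", "<" and ">" as well as quotes, and the new IllegalArgumentException should be mentioned in the method's Javadoc.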
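Review bot: in the FormTag action hunk the added line reads "this.pageContext;" with no closing parentheses, while four calls are open at that point (results.append, ResponseUtils.filterIfQuote, response.encodeURL and getActionMappingURL), so as shown here the statement would not compile; check the parentheses against the attached patch before applying. Applying filterIfQuote outside response.encodeURL is the right order, since the rewritten URL is what ends up inside the action attribute.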
Bug#523054: Any likely update for mod_jk?
Hi,

I wondered if any fix is likely to be available for CVE-2008-5519 (information disclosure, looks potentially quite severe) any time soon or if any more help is needed?

Cheers,
Dominic.

--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
___
pkg-java-maintainers mailing list
pkg-java-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-java-maintainers
Bug#528389: CVE-2009-1523: Directory traversal vulnerability in the HTTP server in Mort Bay Jetty
Package: jetty
Severity: serious
Tags: security

Hi,

the following CVE (Common Vulnerabilities & Exposures) id was published for jetty.

CVE-2009-1523[0]:
| Directory traversal vulnerability in the HTTP server in Mort Bay Jetty
| before 6.1.17, and 7.0.0.M2 and earlier 7.x versions, allows remote
| attackers to access arbitrary files via directory traversal sequences
| in the URI.

If you fix the vulnerability please also make sure to include the CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1523
    http://security-tracker.debian.net/tracker/CVE-2009-1523
libitext-java 2.1.5-1 MIGRATED to testing
FYI: The status of the libitext-java source package in Debian's testing distribution has changed.

Previous version: 2.1.4-1
Current version: 2.1.5-1

--
This email is automatically generated once a day. As the installation of new packages into testing happens multiple times a day you will receive later changes on the next day. See http://release.debian.org/testing-watch/ for more information.
Processed: severity of 525310 is normal, tagging 525310
Processing commands for cont...@bugs.debian.org:

severity 525310 normal
Bug#525310: pdfsam-console won't start (missing required file)
Severity set to `normal' from `grave'

tags 525310 + unreproducible
Bug#525310: pdfsam-console won't start (missing required file)
There were no tags set.
Tags added: unreproducible

End of message, stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)