Bug#548358: NMU

2010-01-29 Thread Giuseppe Iuculano
-java (2.9.1-4.1) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Fixed CVE-2009-2625: denial of service (infinite loop and application hang) +via malformed XML input (Closes: #548358) + + -- Giuseppe Iuculano iucul...@debian.org Fri, 29 Jan 2010 11:19:09 +0100

Bug#575790: CVE-2009-4610: Multiple cross-site scripting (XSS) vulnerabilities

2010-03-29 Thread Giuseppe Iuculano
Package: jetty Severity: serious Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for jetty. CVE-2009-4610[0]: | Multiple cross-site scripting (XSS) vulnerabilities in Mort Bay Jetty | 6.x and 7.0.0 allow

Bug#575789: CVE-2009-4612: Multiple cross-site scripting (XSS) vulnerabilities

2010-03-29 Thread Giuseppe Iuculano
Package: jetty Severity: serious Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for jetty. CVE-2009-4612[0]: | Multiple cross-site scripting (XSS) vulnerabilities in the WebApp JSP | Snoop page in Mort Bay

Bug#575791: CVE-2009-4609: information leaks

2010-03-29 Thread Giuseppe Iuculano
Package: jetty Severity: important Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for jetty. CVE-2009-4609[0]: | The Dump Servlet in Mort Bay Jetty 6.x and 7.0.0 allows remote | attackers to obtain

libstruts1.2-java update for CVE-2008-2025 in stable

2010-03-29 Thread Giuseppe Iuculano
Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for libstruts1.2-java some time ago. CVE-2008-2025[0]: | Cross-site scripting (XSS) vulnerability in Apache Struts before | 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 | on SUSE openSUSE 10.3,

Bug#532362: CVE-2009-0033 CVE-2009-0580 CVE-2009-0783 CVE-2009-0781: Apache Tomcat 6 Multiple Vulnerabilities

2009-06-08 Thread Giuseppe Iuculano
Package: tomcat6 Version: 6.0.16-1 6.0.18-dfsg1-1 Severity: serious Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) ids were published for tomcat6. CVE-2009-0033[0]: | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through

Bug#532363: CVE-2009-0033 CVE-2009-0580 CVE-2009-0783 CVE-2009-0781: Apache Tomcat 5 Multiple Vulnerabilities

2009-06-08 Thread Giuseppe Iuculano
Package: tomcat5 Version: 5.0.30-12etch1 Severity: serious Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) ids were published for tomcat5. CVE-2009-0033[0]: | Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27,

cloning 532363, reassign -1 to tomcat5.5

2009-06-08 Thread Giuseppe Iuculano
clone 532363 -1 reassign -1 tomcat5.5

Bug#532363: CVE-2008-5515

2009-06-13 Thread Giuseppe Iuculano
Hi, also CVE-2008-5515 is now disclosed: Information Disclosure CVE-2008-5515 When using a RequestDispatcher obtained from the Request, the target path was normalised before the query string was removed. A request that included a specially crafted request parameter could be used to access

Bug#528352: NMU

2009-12-06 Thread Giuseppe Iuculano
@@ +libstruts1.2-java (1.2.9-3.1) unstable; urgency=high + + * Non-maintainer upload by the testing Security Team. + * Fixed CVE-2008-2025: Cross-site scripting (XSS) vulnerability. +(Closes: #528352) + + -- Giuseppe Iuculano iucul...@debian.org Sun, 06 Dec 2009 14:13:59 +0100 + libstruts1.2-java
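Review bot: the changelog line "Fixed CVE-2008-2025: Cross-site scripting (XSS) vulnerability." gives no hint of what was changed or where, so someone auditing 1.2.9-3.1 later has only the CVE id to go on. Consider naming the affected component and the patch file that carries the fix in that bullet, alongside the existing "(Closes: #528352)".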