-java (2.9.1-4.1) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Fixed CVE-2009-2625: denial of service (infinite loop and application hang)
+via malformed XML input (Closes: #548358)
+
+ -- Giuseppe Iuculano iucul...@debian.org Fri, 29 Jan 2010 11:19:09 +0100
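Review bot: The CVE-2009-2625 bullet records the impact (infinite loop and application hang on malformed XML input) but not what was changed to fix it. Naming the patch file or the affected class in the bullet would let someone auditing this upload find the fix without opening the full debdiff. As shown here, the continuation line "via malformed XML input (Closes: #548358)" is also not indented under the bullet text, so it should be aligned with the text of the line above.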
Package: jetty
Severity: serious
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for jetty.
CVE-2009-4610[0]:
| Multiple cross-site scripting (XSS) vulnerabilities in Mort Bay Jetty
| 6.x and 7.0.0 allow
Package: jetty
Severity: serious
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for jetty.
CVE-2009-4612[0]:
| Multiple cross-site scripting (XSS) vulnerabilities in the WebApp JSP
| Snoop page in Mort Bay
Package: jetty
Severity: important
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for jetty.
CVE-2009-4609[0]:
| The Dump Servlet in Mort Bay Jetty 6.x and 7.0.0 allows remote
| attackers to obtain
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for libstruts1.2-java some time ago.
CVE-2008-2025[0]:
| Cross-site scripting (XSS) vulnerability in Apache Struts before
| 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2
| on SUSE openSUSE 10.3,
Package: tomcat6
Version: 6.0.16-1 6.0.18-dfsg1-1
Severity: serious
Tags: security patch
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for tomcat6.
CVE-2009-0033[0]:
| Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through
Package: tomcat5
Version: 5.0.30-12etch1
Severity: serious
Tags: security patch
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for tomcat5.
CVE-2009-0033[0]:
| Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27,
clone 532363 -1
reassign -1 tomcat5.5
___
pkg-java-maintainers mailing list
pkg-java-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-java-maintainers
Hi,
also CVE-2008-5515 is now disclosed:
Information Disclosure CVE-2008-5515
When using a RequestDispatcher obtained from the Request, the target path was
normalised before the query string was removed. A request that included a
specially crafted request parameter could be used to access
@@
+libstruts1.2-java (1.2.9-3.1) unstable; urgency=high
+
+ * Non-maintainer upload by the testing Security Team.
+ * Fixed CVE-2008-2025: Cross-site scripting (XSS) vulnerability.
+(Closes: #528352)
+
+ -- Giuseppe Iuculano iucul...@debian.org Sun, 06 Dec 2009 14:13:59 +0100
+
libstruts1.2-java
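Review bot: The CVE-2008-2025 bullet says only "Cross-site scripting (XSS) vulnerability" and gives no hint of which component is affected or which patch carries the fix. A short pointer to the patch file or the affected code would make the entry useful to anyone checking later whether a given build contains the fix. The "(Closes: #528352)" continuation is also shown flush with the "+" marker and should be indented to line up with the bullet text above it.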