Hi Moritz, Le jeudi 16 février 2012 19:42:09, Damien Raude-Morvan a écrit : > On 09/02/2012 21:16, Moritz Mühlenhoff wrote: > > There's a new issues, which affects 1.x: > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1007 > > From [1], it seems there is no actual fix for this issue :( > I'll contact Struts Security Team on this matter.
Okay, I got some feedback for Struts Security Team. This particular security issue doesn't affect Struts as binary library (ie. /usr/share/java/struts-1.2.jar is unaffected) but concern only samples provided as source is /usr/share/doc/libstruts1.2-java/example* Do you think we should provide an updated package for squeeze (I think we can just drop examples) ? Cheers, -- Damien
signature.asc
Description: This is a digitally signed message part.
