Bug#441205: marked as done (CVE-2007-4724 XSS in cal2.jsp)

Fri, 14 Aug 2009 06:54:48 -0700 

Your message dated Fri, 14 Aug 2009 15:51:09 +0200
with message-id <[email protected]>
and subject line CVE-2007-4724 XSS in cal2.jsp
has caused the Debian Bug report #441205,
regarding CVE-2007-4724 XSS in cal2.jsp
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
441205: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=441205
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: tomcat5-webapps
Version: 5.0.30-12
Severity: minor
Tags: security

Hi,
a CVE[0] has been issued against your package.
CVE-2007-4724:
Cross-site request forgery (CSRF) vulnerability in cal2.jsp 
in the calendar examples application in Apache Tomcat 4.1.31 
allows remote attackers to add events as arbitrary users via 
the time and description parameters.

I verified that this isse is present in etch however it is 
fixed in tomcat5.5-webapps in unstable and testing.
Please include the CVE id in the changelog if you fix this 
issue.

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4724

Kind regards
Nico

-- 
Nico Golde - http://ngolde.de - [email protected] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgpmtzxMBV8dU.pgp
Description: PGP signature


--- End Message ---
--- Begin Message --- 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Bug not present in Tomcat 6.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkqFa80ACgkQXjXn6TzcAQlofwCg9XGUv5o7k+6Rtj15RDwkZMIj
OHQAoOIoiHmKLmj2fi393B6OFGBrLm02
=D0dp
-----END PGP SIGNATURE-----

--- End Message ---
_______________________________________________
pkg-java-maintainers mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/pkg-java-maintainers

Reply via email to